diff --git a/src/data/roadmaps/cyber-security/content/acl@35oCRzhzpVfitQPL4K9KC.md b/src/data/roadmaps/cyber-security/content/acl@35oCRzhzpVfitQPL4K9KC.md index e69de29bb..40a5bc8c6 100644 --- a/src/data/roadmaps/cyber-security/content/acl@35oCRzhzpVfitQPL4K9KC.md +++ b/src/data/roadmaps/cyber-security/content/acl@35oCRzhzpVfitQPL4K9KC.md @@ -0,0 +1,8 @@ +# ACL + +An Access Control List (ACL) is a security mechanism used to define which users or system processes are granted access to objects, such as files, directories, or network resources, and what operations they can perform on those objects. ACLs function by maintaining a list of permissions attached to each object, specifying the access rights of various entities—like users, groups, or network traffic—thereby providing fine-grained control over who can read, write, execute, or modify the resources. This method is essential in enforcing security policies, reducing unauthorized access, and ensuring that only legitimate users can interact with sensitive data or systems. + +Learn more from the following resources: + +- [@article@Access Control List: Definition, Types & Usages](https://www.okta.com/uk/identity-101/access-control-list/) +- [@video@Access Control Lists](https://www.youtube.com/watch?v=IwLyr0mKK1w) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/acls@8JM95sonFUhZCdaynUA_M.md b/src/data/roadmaps/cyber-security/content/acls@8JM95sonFUhZCdaynUA_M.md index 0e16072dc..fbef0dbd6 100644 --- a/src/data/roadmaps/cyber-security/content/acls@8JM95sonFUhZCdaynUA_M.md +++ b/src/data/roadmaps/cyber-security/content/acls@8JM95sonFUhZCdaynUA_M.md 
@@ -1,39 +1,8 @@ # ACLs -Access Control Lists (ACLs) act as an essential part of an organization's security infrastructure by helping to manage access rights to resources and maintain security between users, groups, and systems. +An Access Control List (ACL) is a security mechanism used to define which users or system processes are granted access to objects, such as files, directories, or network resources, and what operations they can perform on those objects. ACLs function by maintaining a list of permissions attached to each object, specifying the access rights of various entities—like users, groups, or network traffic—thereby providing fine-grained control over who can read, write, execute, or modify the resources. This method is essential in enforcing security policies, reducing unauthorized access, and ensuring that only legitimate users can interact with sensitive data or systems. -In this section, we will discuss the following: +Learn more from the following resources: -- What are Access Control Lists -- Types of ACLs -- How to implement and administer ACLs - -## What are Access Control Lists - -Access Control Lists are rule sets that define which user, group, or system has access to specific resources and determine what type of access they have (e.g., read or write). ACLs act as a barrier to prevent unauthorized access to sensitive data and systems; this can help maintain confidentiality, integrity, and availability of your organization's critical assets. - -## Types of ACLs - -There are two primary types of ACLs: Discretionary and Mandatory. - -- **Discretionary Access Control Lists (DACLs)** - DACLs allow the owner of a resource to determine who can gain access to the resource, and the level of access they can have. For example, a user or a group of users may have read access rights to a particular file, whereas another group may have full control over the file. 
- -- **Mandatory Access Control Lists (MACLs)** - MACLs rely on predefined security labels or classifications to enforce access control. In this case, resources are assigned security labels, and users or systems are given security clearances. Access is granted only if the user's security clearance level matches the resource label. - -## Implementing and Administering ACLs - -Here are some best practices you can follow when implementing and administering Access Control Lists: - -- **Define clear access policies**: Establish clear rules and guidelines for accessing resources, such as who can access specific resources and what type of access they can have. - -- **Use Role-Based Access Control (RBAC)**: Assign permissions to roles instead of individual users. This will help simplify the ACL management process. - -- **Regular audits and reviews**: Periodically review and update the ACLs to ensure that access permissions are aligned with business requirements and security policies. - -- **Apply the principle of least privilege**: Grant users the minimum privileges they need to perform their tasks. - -- **Maintain a change management process**: Document all changes to ACLs, including the date of change, the reason for the change, and the individual responsible for executing the change. - -Remember that a well-implemented and maintained ACL system can significantly reduce the risks associated with unauthorized access to your organization's critical assets. +- [@article@Access Control List: Definition, Types & Usages](https://www.okta.com/uk/identity-101/access-control-list/) +- [@video@Access Control Lists](https://www.youtube.com/watch?v=IwLyr0mKK1w) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/antimalware@9QtY1hMJ7NKLFztYK-mHY.md b/src/data/roadmaps/cyber-security/content/antimalware@9QtY1hMJ7NKLFztYK-mHY.md index e69de29bb..5b9347344 100644 --- a/src/data/roadmaps/cyber-security/content/antimalware@9QtY1hMJ7NKLFztYK-mHY.md 
+++ b/src/data/roadmaps/cyber-security/content/antimalware@9QtY1hMJ7NKLFztYK-mHY.md @@ -0,0 +1,8 @@ +# Anti-malware + +Anti-malware is a type of software designed to detect, prevent, and remove malicious software, such as viruses, worms, trojans, ransomware, and spyware, from computer systems. By continuously scanning files, applications, and incoming data, anti-malware solutions protect devices from a wide range of threats that can compromise system integrity, steal sensitive information, or disrupt operations. Advanced anti-malware programs utilize real-time monitoring, heuristic analysis, and behavioral detection techniques to identify and neutralize both known and emerging threats, ensuring that systems remain secure against evolving cyber attacks. + +Learn more from the following resources: + +- [@video@How Does Antivirus and Antimalware Software Work?](https://www.youtube.com/watch?v=bTU1jbVXlmM) +- [@article@What is antimalware?](https://riskxchange.co/1006974/cybersecurity-what-is-anti-malware/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/antivirus@3140n5prZYySsuBHjqGOJ.md b/src/data/roadmaps/cyber-security/content/antivirus@3140n5prZYySsuBHjqGOJ.md index e69de29bb..128933e1d 100644 --- a/src/data/roadmaps/cyber-security/content/antivirus@3140n5prZYySsuBHjqGOJ.md +++ b/src/data/roadmaps/cyber-security/content/antivirus@3140n5prZYySsuBHjqGOJ.md 
@@ -0,0 +1,8 @@ +# Antivirus + +Antivirus software is a specialized program designed to detect, prevent, and remove malicious software, such as viruses, worms, and trojans, from computer systems. It works by scanning files and programs for known malware signatures, monitoring system behavior for suspicious activity, and providing real-time protection against potential threats. Regular updates are essential for antivirus software to recognize and defend against the latest threats. While it is a critical component of cybersecurity, antivirus solutions are often part of a broader security strategy that includes firewalls, anti-malware tools, and user education to protect against a wide range of cyber threats. + +Learn more from the following resources: + +- [@video@What is an antivirus and how does it keep us safe?](https://www.youtube.com/watch?v=jW626WMWNAE) +- [@article@What is antivirus software?](https://www.webroot.com/gb/en/resources/tips-articles/what-is-anti-virus-software) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/anyrun@GZHFR43UzN0WIIxGKZOdX.md b/src/data/roadmaps/cyber-security/content/anyrun@GZHFR43UzN0WIIxGKZOdX.md index e69de29bb..f43c75583 100644 --- a/src/data/roadmaps/cyber-security/content/anyrun@GZHFR43UzN0WIIxGKZOdX.md +++ b/src/data/roadmaps/cyber-security/content/anyrun@GZHFR43UzN0WIIxGKZOdX.md 
@@ -0,0 +1,8 @@ +# ANY.RUN + +ANY.RUN is an interactive online malware analysis platform that allows users to safely execute and analyze suspicious files and URLs in a controlled, virtualized environment. This sandbox service provides real-time insights into the behavior of potentially malicious software, such as how it interacts with the system, what files it modifies, and what network connections it attempts to make. Users can observe and control the analysis process, making it a valuable tool for cybersecurity professionals to identify and understand new threats, assess their impact, and develop appropriate countermeasures. ANY.RUN is particularly useful for dynamic analysis, enabling a deeper understanding of malware behavior in real-time. + +Learn more from the following resources: + +- [@official@ANY.RUN Website](https://any.run/) +- [@video@Malware analysis with ANY.RUN](https://www.youtube.com/watch?v=QH_u7DHKzzI) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/apt@l0BvDtwWoRSEjm6O0WDPy.md b/src/data/roadmaps/cyber-security/content/apt@l0BvDtwWoRSEjm6O0WDPy.md index 90d171c77..4282cdf5e 100644 --- a/src/data/roadmaps/cyber-security/content/apt@l0BvDtwWoRSEjm6O0WDPy.md +++ b/src/data/roadmaps/cyber-security/content/apt@l0BvDtwWoRSEjm6O0WDPy.md 
@@ -2,26 +2,7 @@ Advanced Persistent Threats, or APTs, are a class of cyber threats characterized by their persistence over a long period, extensive resources, and high level of sophistication. Often associated with nation-state actors, organized cybercrime groups, and well-funded hackers, APTs are primarily focused on targeting high-value assets, such as critical infrastructure, financial systems, and government agencies. -## Key Aspects of APT - -- **Persistence**: APTs are designed to maintain a low profile and operate under the radar for extended periods. Hackers use advanced techniques to maintain access and control over their targets, and continually adapt and evolve in order to avoid being discovered. - -- **Sophistication**: APTs are known for employing a wide range of techniques and tactics to infiltrate and exploit their targets, including zero-day vulnerabilities, spear-phishing, social engineering, and advanced malware. The level of expertise behind APTs is typically higher than your average cybercriminal. - -- **Motivation**: APTs often have significant resources behind them, which allows for sustained cyber campaigns against specific targets. The motivation can be monetary gain, espionage, or even maintaining a competitive edge in the marketplace. APTs can also be used to sow chaos and destabilize geopolitical rivals. - -## Detecting and Mitigating APTs - -Due to the sophisticated and persistent nature of APTs, they can be challenging to detect and protect against. However, implementing several best practices can help organizations mitigate the risk and impact of APTs: - -- Adopt a proactive approach to cyber security, including continuous network monitoring, threat hunting, and regular assessments. -- Implement a robust set of defense-in-depth security measures, including intrusion detection systems (IDS), firewalls, and access controls. -- Train employees on cybersecurity awareness and how to spot and respond to cyber threats. 
-- Keep systems updated and patched to prevent exploitation of known vulnerabilities. -- Employ advanced threat intelligence solutions to identify and anticipate potential APT campaigns. - -APT attacks can be damaging and disruptive to organizations, but understanding the nature of these threats and implementing a comprehensive security strategy can help minimize the risk and protect valuable assets. Remember, APTs are not just a concern for large enterprises and governments; organizations of all sizes can be targeted. Staying vigilant and proactive is key to staying safe from these advanced threats. - Learn more from the following resources: -- [@article@What Are Advanced Persistent Threats? - IBM](https://www.ibm.com/topics/advanced-persistent-threats) +- [@video@What is an Advanced Persistent Threat?](https://www.youtube.com/watch?v=sGthMsDlqew) +- [@article@Advanced Persistent Threat (APT)](https://www.crowdstrike.com/cybersecurity-101/advanced-persistent-threat-apt/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/arp@M52V7hmG4ORf4TIVw3W3J.md b/src/data/roadmaps/cyber-security/content/arp@M52V7hmG4ORf4TIVw3W3J.md index ed2f0f109..07d74b684 100644 --- a/src/data/roadmaps/cyber-security/content/arp@M52V7hmG4ORf4TIVw3W3J.md +++ b/src/data/roadmaps/cyber-security/content/arp@M52V7hmG4ORf4TIVw3W3J.md 
@@ -2,18 +2,11 @@ ARP is a protocol used by the Internet Protocol (IP) to map an IP address to a physical address, also known as a Media Access Control (MAC) address. ARP is essential for routing data between devices in a Local Area Network (LAN) as it allows for the translation of IP addresses to specific hardware on the network. -## How It Works - When a device wants to communicate with another device on the same LAN, it needs to determine the corresponding MAC address for the target IP address. ARP helps in this process by broadcasting an ARP request containing the target IP address. All devices within the broadcast domain receive this ARP request and compare the target IP address with their own IP address. If a match is found, the device with the matching IP address sends an ARP reply which contains its MAC address. The device that initiated the ARP request can now update its ARP cache (a table that stores IP-to-MAC mappings) with the new information, and then proceed to send data to the target's MAC address. -## Security Concerns - -While ARP is crucial for the functioning of most networks, it also presents certain security risks. ARP poisoning, for example, occurs when an attacker sends fake ARP messages with the goal to associate their MAC address with the IP address of a target device. This can lead to Man-in-the-Middle (MITM) attacks where the attacker can intercept, modify, or block traffic intended for the target device. - -To mitigate ARP poisoning attacks, organizations can implement security measures such as static ARP entries, dynamic ARP inspection, and ensuring that their network devices are updated with the latest security patches. - -By understanding ARP and the potential security risks it presents, you can help protect your network by incorporating appropriate security solutions and staying vigilant against potential threats. 
+Learn more from the following resources: -- [@video@ARP Explained - Address Resolution Protocol](https://www.youtube.com/watch?v=cn8Zxh9bPio) \ No newline at end of file +- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio) +- [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/arp@fzdZF-nzIL69kaA7kwOCn.md b/src/data/roadmaps/cyber-security/content/arp@fzdZF-nzIL69kaA7kwOCn.md index ed2f0f109..07d74b684 100644 --- a/src/data/roadmaps/cyber-security/content/arp@fzdZF-nzIL69kaA7kwOCn.md +++ b/src/data/roadmaps/cyber-security/content/arp@fzdZF-nzIL69kaA7kwOCn.md 
@@ -2,18 +2,11 @@ ARP is a protocol used by the Internet Protocol (IP) to map an IP address to a physical address, also known as a Media Access Control (MAC) address. ARP is essential for routing data between devices in a Local Area Network (LAN) as it allows for the translation of IP addresses to specific hardware on the network. -## How It Works - When a device wants to communicate with another device on the same LAN, it needs to determine the corresponding MAC address for the target IP address. ARP helps in this process by broadcasting an ARP request containing the target IP address. All devices within the broadcast domain receive this ARP request and compare the target IP address with their own IP address. If a match is found, the device with the matching IP address sends an ARP reply which contains its MAC address. The device that initiated the ARP request can now update its ARP cache (a table that stores IP-to-MAC mappings) with the new information, and then proceed to send data to the target's MAC address. -## Security Concerns - -While ARP is crucial for the functioning of most networks, it also presents certain security risks. ARP poisoning, for example, occurs when an attacker sends fake ARP messages with the goal to associate their MAC address with the IP address of a target device. This can lead to Man-in-the-Middle (MITM) attacks where the attacker can intercept, modify, or block traffic intended for the target device. - -To mitigate ARP poisoning attacks, organizations can implement security measures such as static ARP entries, dynamic ARP inspection, and ensuring that their network devices are updated with the latest security patches. - -By understanding ARP and the potential security risks it presents, you can help protect your network by incorporating appropriate security solutions and staying vigilant against potential threats. 
+Learn more from the following resources: -- [@video@ARP Explained - Address Resolution Protocol](https://www.youtube.com/watch?v=cn8Zxh9bPio) \ No newline at end of file +- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio) +- [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/arp@hkO3Ga6KctKODr4gos6qX.md b/src/data/roadmaps/cyber-security/content/arp@hkO3Ga6KctKODr4gos6qX.md index 9faa1f373..07d74b684 100644 --- a/src/data/roadmaps/cyber-security/content/arp@hkO3Ga6KctKODr4gos6qX.md +++ b/src/data/roadmaps/cyber-security/content/arp@hkO3Ga6KctKODr4gos6qX.md 
@@ -1,32 +1,12 @@ -# arp +# ARP -ARP is a crucial network protocol used to map IP addresses to their corresponding MAC (Media Access Control) addresses. This mapping is crucial, as devices on a network use MAC addresses to communicate with one another. As IP addresses are easier to remember and utilize for humans, ARP helps in converting these logical addresses to physical addresses that devices can understand. +ARP is a protocol used by the Internet Protocol (IP) to map an IP address to a physical address, also known as a Media Access Control (MAC) address. ARP is essential for routing data between devices in a Local Area Network (LAN) as it allows for the translation of IP addresses to specific hardware on the network. -## Why ARP is important +When a device wants to communicate with another device on the same LAN, it needs to determine the corresponding MAC address for the target IP address. ARP helps in this process by broadcasting an ARP request containing the target IP address. All devices within the broadcast domain receive this ARP request and compare the target IP address with their own IP address. If a match is found, the device with the matching IP address sends an ARP reply which contains its MAC address. -In a network, when a device wants to send data to another device, it needs to know the recipient's MAC address. If the sender only knows the IP address, it can use ARP to determine the corresponding MAC address. The mapping is stored in the device's ARP cache, which holds a record of both the IP and MAC addresses. This allows devices to quickly identify and communicate with others on the network. +The device that initiated the ARP request can now update its ARP cache (a table that stores IP-to-MAC mappings) with the new information, and then proceed to send data to the target's MAC address. 
-## ARP Request and Reply +Learn more from the following resources: -Here are the basic steps involved in the ARP process: - -- The sender creates an ARP request packet with its own IP and MAC addresses, and the recipient's IP address. The packet is broadcast to all devices on the local network. -- Each device on the network receives the ARP request, checks if the IP address is its own, and replies to the sender as needed. -- The sender receives the ARP reply containing the recipient's MAC address and updates its ARP cache with the new information. -- Finally, the sender uses the MAC address to transmit data packets to the intended recipient. - -## Troubleshooting with ARP - -If you're having issues with network communication or want to investigate your network, the ARP table can be a helpful tool. You can view your device's ARP cache using commands specific to your operating system: - -- **Windows**: Open Command Prompt and type `arp -a` -- **Linux**: Open Terminal and type `arp` -- **macOS**: Open Terminal and type `arp -a` - -The output will display the IP and MAC addresses of devices on the network that the system has interacted with. - -## ARP Spoofing and Security Concerns - -As crucial as ARP is, it can be exploited by attackers for malicious purposes. ARP spoofing, also known as ARP poisoning, is a form of cyberattack in which an attacker sends fake ARP requests to a network to link their MAC address with an IP address that legitimately belongs to another device. This enables the attacker to intercept and manipulate network traffic or launch denial-of-service (DoS) attacks. - -To mitigate ARP spoofing, consider implementing security measures such as monitoring ARP traffic, using a static ARP table, or employing security solutions like intrusion detection and prevention systems. Additionally, maintaining a secure and up-to-date network infrastructure can help reduce potential vulnerabilities. 
+- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio) +- [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/autopsy@bIwpjIoxSUZloxDuQNpMu.md b/src/data/roadmaps/cyber-security/content/autopsy@bIwpjIoxSUZloxDuQNpMu.md index 193e9ad1a..81ab2af47 100644 --- a/src/data/roadmaps/cyber-security/content/autopsy@bIwpjIoxSUZloxDuQNpMu.md +++ b/src/data/roadmaps/cyber-security/content/autopsy@bIwpjIoxSUZloxDuQNpMu.md 
@@ -2,35 +2,7 @@ Autopsy is a versatile and powerful open-source digital forensics platform that is primarily used for incident response, cyber security investigations, and data recovery. As an investigator, you can utilize Autopsy to quickly and efficiently analyze a compromised system, extract crucial artifacts, and generate comprehensive reports. Integrated with The Sleuth Kit and other plug-ins, Autopsy allows examiners to automate tasks and dig deep into a system's structure to discover the root cause of an incident. -## Features of Autopsy +Learn more from the following resources: -- **Central Repository**: Autopsy features a central repository that allows analysts to store and manage case data, ingest modules, and collaborate with other team members. This functionality streamlines the investigation process with effective communication, data sharing, and collaborative analysis. - -- **Intuitive Interface**: Autopsy's graphical user interface (GUI) is user-friendly and well organized. It presents the results in a structured and easy-to-navigate layout, showcasing file systems, metadata, and text strings from binary files. - -- **File System Support**: Autopsy natively supports multiple file systems like FAT12, FAT16, FAT32, NTFS, ext2, ext3, ext4, UFS1, UFS2, and more, making it an ideal solution for analyzing different storage devices. - -- **Timeline Analysis**: The Timeline feature in Autopsy allows analysts to visualize and explore the chronological sequence of file system events. This can be essential in understanding the chain of events during an incident and identifying suspicious activities or anomalies. - -- **Keyword Search**: Autopsy's keyword search function is an invaluable tool for locating artifacts of interest using keywords or regular expressions. Investigators can identify incriminating documents, emails or other files by searching for specific terms, phrases, or patterns. 
- -- **Integration with Other Tools**: Autopsy's modular design enables seamless integration with various digital forensics tools, facilitating the analysis with specialized features and functions, such as Volatility for memory analysis or PLASO for log parsing. - -## Installation and Usage - -Autopsy is available for download from its official website, [www.autopsy.com/download/](https://www.autopsy.com/download/), and can be installed on Windows, Linux, and macOS platforms. - -Once installed, creating a new case is easy. Follow these basic steps: - -- Launch Autopsy. -- Click on the "New Case" button. -- Provide a case name, case number, examiner, and case directory. -- Add a data source (e.g., a disk image, local folder, or cloud storage) to the case. -- Configure data ingestion options and select specific modules of interest. -- Click on "Finish" to begin the data analysis. - -As Autopsy completes its analysis, it will generate a comprehensive report that can be utilized for internal reporting, maintaining case records, or presenting evidence in legal proceedings. - -## Conclusion - -In conclusion, Autopsy is a valuable tool for incident response and digital forensics professionals. By mastering its functions and capabilities, you can enhance your capabilities in incident investigations, data recovery, and threat attribution. \ No newline at end of file +- [@official@Autopsy Website](https://www.autopsy.com/) +- [@video@Disk analysis with Autopsy](https://www.youtube.com/watch?v=o6boK9dG-Lc&t=236s) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/aws@0LztOTc3NG3OujCVwlcVU.md b/src/data/roadmaps/cyber-security/content/aws@0LztOTc3NG3OujCVwlcVU.md index fca4f0a69..2c3530727 100644 --- a/src/data/roadmaps/cyber-security/content/aws@0LztOTc3NG3OujCVwlcVU.md +++ b/src/data/roadmaps/cyber-security/content/aws@0LztOTc3NG3OujCVwlcVU.md 
@@ -2,56 +2,6 @@ Amazon Web Services (AWS) is a leading cloud computing platform provided by Amazon. Launched in 2006, AWS offers an extensive range of on-demand IT services, such as computing power, storage, databases, networking, and security, which enable organizations to develop, deploy, and scale applications and infrastructure quickly and cost-effectively. -## Key AWS Services +Learn more from the following resources: -AWS provides over 200 different services, with new ones being added regularly. Some of the most important and commonly used services include: - -## Compute - -- **EC2 (Elastic Compute Cloud):** A virtual server that can be customized to suit various workloads and applications. Instances can be scaled up or down as needed. - -- **Lambda:** A serverless computing service that enables you to run your code in response to events or HTTP requests without provisioning or managing servers. - -## Storage - -- **S3 (Simple Storage Service):** A scalable object storage service that allows you to store and retrieve files, such as documents, images, and videos. - -- **EBS (Elastic Block Store):** A block storage solution used with EC2 instances for persistent storage. - -- **Glacier:** A low-cost archiving solution used for long-term storage and data backup. - -## Databases - -- **RDS (Relational Database Service):** A managed service for hosting, scaling, and backing up relational databases, such as MySQL, PostgreSQL, and Oracle. - -- **DynamoDB:** A managed NoSQL database service, designed for applications that need fast, consistent performance at any scale. - -## Networking - -- **VPC (Virtual Private Cloud):** Provides a virtual network for your AWS resources, enabling you to control and isolate your cloud environment. - -- **Route 53:** A Domain Name System (DNS) web service that allows you to manage domain registration and routing policies. 
- -## Security, Identity, and Compliance - -- **IAM (Identity and Access Management):** Provides centralized control over AWS resource access and user permissions, enabling secure access management for your resources. - -- **Cognito:** A user identity and data synchronization service that allows you to authenticate and manage users in your applications. - -## Benefits of AWS - -There are several reasons why AWS is widely used and trusted: - -- **Scalability:** AWS services are designed to scale with the growing needs of your business. You can adjust resources as needed without any upfront investment. - -- **Flexibility:** AWS supports a wide array of operating systems, programming languages, and tools, making it easy to migrate existing applications or develop new ones. - -- **Cost-effective:** AWS follows a pay-as-you-go model, allowing you to pay only for the services and resources you use, eliminating upfront expenses. - -- **Security:** AWS has robust security features, such as data encryption, multi-factor authentication, and infrastructure security measures, ensuring that your data and applications remain secure. - -- **Global Presence:** With data centers across the globe, AWS enables you to serve your customers with low latency and maintain business continuity. - -As a part of your cybersecurity strategy, it’s crucial to understand and securely configure your AWS environment. Secure your cloud infrastructure by adhering to AWS best practices, implementing access controls, and regularly monitoring for vulnerabilities. - -For more information on securing your AWS environment, refer to the [AWS Well-Architected Framework](https://aws.amazon.com/architecture/well-architected/) and the [AWS Security Best Practices](https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf) whitepapers. +- [@course@AWS Complete Tutorial](https://www.youtube.com/watch?v=B8i49C8fC3E) 
diff --git a/src/data/roadmaps/cyber-security/content/bash@tao0Bb_JR0Ubl62HO8plp.md b/src/data/roadmaps/cyber-security/content/bash@tao0Bb_JR0Ubl62HO8plp.md index 7f737fd9a..128889152 100644 --- a/src/data/roadmaps/cyber-security/content/bash@tao0Bb_JR0Ubl62HO8plp.md +++ b/src/data/roadmaps/cyber-security/content/bash@tao0Bb_JR0Ubl62HO8plp.md 
@@ -1,41 +1,9 @@ # Bash -Bash (**B**ourne **A**gain **Sh**ell) is a widely-used Unix shell and scripting language that acts as a command-line interface for executing commands and organizing files on your computer. It allows users to interact with the system's operating system by typing text commands, serving as an alternative to the graphical user interface (GUI). Bash, created as a free and improved version of the original Bourne Shell (`sh`), is the default shell in many Unix-based systems, including Linux, macOS, and the Windows Subsystem for Linux (WSL). +Bash (Bourne Again Shell) is a widely-used Unix shell and scripting language that acts as a command-line interface for executing commands and organizing files on your computer. It allows users to interact with the system's operating system by typing text commands, serving as an alternative to the graphical user interface (GUI). Bash, created as a free and improved version of the original Bourne Shell (`sh`), is the default shell in many Unix-based systems, including Linux, macOS, and the Windows Subsystem for Linux (WSL). -## Bash Scripting +Learn more from the following resources: -Bash scripting is an essential skill for anyone engaged in cyber security. It allows you to automate simple tasks, monitor system activities, and manage multiple files and directories with ease. With Bash scripts, you can develop tools, automate repetitive tasks, or even develop security testing tools. - -## Key Features - -- **Variables**: Variables can store data in the form of strings or numbers, which can be used and manipulated throughout your script. - -- **Control Structures**: Bash supports loops (`for`, `while`) and conditional statements (`if`, `case`) to build more robust scripts with decision-making capabilities. - -- **Functions**: Create reusable code blocks that can be called with specified parameters, making your script more modular and easier to maintain. 
- -- **User Input**: Bash scripts allow you to interact with the user by accepting input or choosing options. - -- **File Management**: Create, modify, or analyze files using built-in commands such as `ls`, `cp`, `mkdir`, and `grep`. - -## Learning Bash - -As a cyber security expert, having a strong foundation in Bash can save you time and help you better understand the inner workings of a system. Invest time in learning Bash essentials, such as basic commands, file manipulation, scripting, and processing text data. - -- Basic Commands: Start by learning some of the most commonly used Bash commands: `cd`, `mv`, `cp`, `rm`, `grep`, `find`, `sort`, etc. - -- File and Directory Management: Explore the use of commands, like `mkdir`, `rmdir`, `touch`, `chmod`, `chown`, and `ln`, to create, modify, and delete files and directories. - -- Text Processing: Learn to use commands like `cat`, `less`, `head`, `tail`, and `awk` to analyze and manipulate text data. - -- Scripting: Start by understanding the syntax and structure of Bash scripts, and learn how to create, debug, and execute scripts. - -Some resources to begin your journey with Bash are: - -- [@article@GNU Bash Manual](https://www.gnu.org/software/bash/manual/bash.html): A comprehensive guide to Bash, provided by the GNU project. -- [@article@Bash Beginner's Guide](http://www.tldp.org/LDP/Bash-Beginners-Guide/html/): A beginner-friendly guide that covers the basics of Bash scripting. -- [@official@Bash Academy](https://www.bash.academy/): An interactive platform to start learning Bash from scratch. -- [@article@Learn Shell](https://www.learnshell.org/): An online resource with tutorials and exercises to help you practice your Bash skills. -- [@feed@Explore top posts about Bash](https://app.daily.dev/tags/bash?ref=roadmapsh) - -Bash scripting is a versatile tool in the cybersecurity toolkit, and mastering it will provide you with greater control over the systems you protect. 
+- [@video@Bash in 100 Seconds](https://www.youtube.com/watch?v=I4EWvMFj37g) +- [@course@Beginners Guide To The Bash Terminal](https://www.youtube.com/watch?v=oxuRxtrO2Ag) +- [@course@Start learning bash](https://linuxhandbook.com/bash/) diff --git a/src/data/roadmaps/cyber-security/content/basics-and-concepts-of-threat-hunting@_x3BgX93N-Pt1_JK7wk0p.md b/src/data/roadmaps/cyber-security/content/basics-and-concepts-of-threat-hunting@_x3BgX93N-Pt1_JK7wk0p.md index e16a1e98a..d6b9df394 100644 --- a/src/data/roadmaps/cyber-security/content/basics-and-concepts-of-threat-hunting@_x3BgX93N-Pt1_JK7wk0p.md +++ b/src/data/roadmaps/cyber-security/content/basics-and-concepts-of-threat-hunting@_x3BgX93N-Pt1_JK7wk0p.md 
@@ -1,39 +1,12 @@ # Basics and Concepts of Threat Hunting -Threat hunting is the proactive process of identifying and mitigating potential threats and vulnerabilities within a network, before they can be exploited by an attacker. To perform effective threat hunting, security professionals must use their knowledge, skills, and the latest threat intelligence to actively search for previously undetected adversaries and suspicious activities within a network. +Threat hunting is a proactive approach to cybersecurity where security professionals actively search for hidden threats or adversaries that may have bypassed traditional security measures, such as firewalls and intrusion detection systems. Rather than waiting for automated tools to flag suspicious activity, threat hunters use a combination of human intuition, threat intelligence, and advanced analysis techniques to identify indicators of compromise (IoCs) and potential threats within a network or system. -## Key Objectives of Threat Hunting +The process involves several key concepts, starting with a **hypothesis**, where a hunter develops a theory about potential vulnerabilities or attack vectors that could be exploited. They then conduct a **search** through logs, traffic data, or endpoint activity to look for anomalies or patterns that may indicate malicious behavior. **Data analysis** is central to threat hunting, as hunters analyze vast amounts of network and system data to uncover subtle signs of attacks or compromises. If threats are found, the findings lead to **detection and mitigation**, allowing the security team to contain the threat, remove malicious entities, and prevent similar incidents in the future. -- **Detect**: Identify unknown threats and suspicious behavior that traditional security tools may miss. -- **Contain**: Quickly isolate and remediate threats before they can cause significant damage. 
-- **Learn**: Gather valuable insights about the adversary, their techniques, and the effectiveness of existing security measures. +Threat hunting also involves **continuous learning** and adapting, as hunters refine their techniques based on evolving attack methods and the latest threat intelligence. This approach improves an organization’s overall security posture by identifying sophisticated or previously unknown threats that might evade conventional security measures. -## Threat Hunting Techniques +Learn more from the following resources: -There are several practical approaches to threat hunting, such as: - -- **Hypothesis-driven hunting**: Develop hypotheses about potential threats and validate them through data analysis and investigation. -- **Indicator of Compromise (IoC) hunting**: Leverage existing threat intelligence and IoCs to search for matches within your environment. -- **Machine learning-driven hunting**: Utilize algorithms and advanced analytics tools to automatically detect anomalies and other suspicious patterns of behavior. -- **Situational awareness hunting**: Understand the normal behavior and baseline of the environment and look for deviations that may indicate malicious activity. - -## Tools & Technologies for Threat Hunting - -Some common tools and technologies used for threat hunting include: - -- **Security information and event management (SIEM) systems**: Provide a centralized platform for detecting, alerting, and investigating security incidents and events. -- **Endpoint detection and response (EDR) solutions**: Deliver real-time monitoring, analysis, and remediation capabilities for endpoints. -- **Threat intelligence platforms (TIPs)**: Aggregate and analyze global threat data and indicators of compromise (IoC) to provide actionable intelligence. -- **User and entity behavior analytics (UEBA) tools**: Apply advanced analytics algorithms to detect potential threats by analyzing the behavior of users, devices, and applications. 
- -## Essential Skills for Threat Hunters - -Successful threat hunters should possess a strong combination of technical skills, critical thinking, and situational awareness. Some essential skills include: - -- **Understanding of networks and protocols**: Deep knowledge of network architecture, protocols, and communication patterns. -- **Familiarity with operating systems**: Ability to navigate, investigate, and analyze various operating systems, including Windows, Linux, and macOS. -- **Scripting and programming**: Proficiency in scripting languages (e.g., Python, PowerShell) and automation tools to streamline the threat hunting process. -- **Knowledge of common attacker tactics, techniques, and procedures (TTPs)**: Awareness of the latest TTPs, ensuring that you stay ahead of potential threats. -- **Critical thinking and problem-solving**: Ability to analyze complex scenarios and think creatively to identify potential threats and vulnerabilities. - -By developing a strong foundation in threat hunting concepts and techniques, security professionals are better equipped to proactively identify and mitigate potential attacks, thereby strengthening their organization's overall cybersecurity posture. +- [@article@What is Threat Hunting](https://www.ibm.com/topics/threat-hunting) +- [@video@Cyber Security Threat Hunting explained](https://www.youtube.com/watch?v=VNp35Uw_bSM) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/basics-of-computer-networking@T0aU8ZQGShmF9uXhWY4sD.md b/src/data/roadmaps/cyber-security/content/basics-of-computer-networking@T0aU8ZQGShmF9uXhWY4sD.md index 5353289b6..385a9bfd3 100644 --- a/src/data/roadmaps/cyber-security/content/basics-of-computer-networking@T0aU8ZQGShmF9uXhWY4sD.md +++ b/src/data/roadmaps/cyber-security/content/basics-of-computer-networking@T0aU8ZQGShmF9uXhWY4sD.md 
@@ -1,56 +1,17 @@ # Basics of Computer Networking -Computer networking refers to the practice of connecting two or more computing devices, creating an infrastructure in which they can exchange data, resources, and software. It is a fundamental part of cyber security and IT skills. In this chapter, we will cover five aspects of computer networking, including networking devices, network types, network protocols, IP addresses, and the OSI model. +Computer networking involves connecting multiple computers and devices to share resources, such as data, applications, and internet connections. Networks can range from small local area networks (LANs) to large-scale wide area networks (WANs), such as the internet. The basic components of a network include devices (computers, servers, routers), transmission media (wired or wireless), and network protocols, which govern communication between devices. -## Networking Devices +Key concepts in networking include: -Several devices enable and facilitate communication between different devices. Common networking devices include: +1. **IP Addressing**: Every device on a network has a unique Internet Protocol (IP) address, which allows it to be identified and communicate with other devices. +2. **Subnetting**: This involves dividing a network into smaller, manageable sections to optimize performance and security. +3. **Routing**: Routers are used to forward data between different networks, ensuring that information reaches the correct destination. +4. **DNS**: The Domain Name System translates human-readable domain names into IP addresses, enabling easier navigation and communication on the internet. +5. **TCP/IP Protocol**: The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is the foundation of most networks, handling how data is broken into packets, transmitted, and reassembled. -- **Hubs**: Devices that connect different devices together, transmitting data packets to all devices on the network. 
-- **Switches**: Similar to hubs, but transmit data packets only to specific devices instead of broadcasting to all. -- **Routers**: Devices that direct data packets between networks and provide the best path for data packets to reach their destination. -- **Firewalls**: Devices or software that monitor and filter incoming and outgoing network traffic, allowing only authorized data to pass through. +Learn more from the following resources: -## Network Types - -There are various types of networks based on the distance they cover, and the number of devices they connect. A few common network types are: - -- **Personal Area Network (PAN)**: Connects devices within an individual workspace, typically within a range of 10 meters. -- **Local Area Network (LAN)**: Covers a small geographical area, such as a home or office, connecting multiple computers and other devices. -- **Wide Area Network (WAN)**: Covers a larger geographical area, interconnecting different LANs, often using leased telecommunication lines or wireless links. -- **Virtual Private Network (VPN)**: A secure network established over the public internet, encrypting the data transferred and restricting access to authorized users only. - -## Network Protocols - -Protocols are sets of rules that govern the communication between devices within a network. Some of the most common protocols include: - -- **Transmission Control Protocol (TCP)**: Ensures the reliable transmission of data and establishes connections between devices. -- **Internet Protocol (IP)**: Facilitates the transmission of data packets, assigning unique IP addresses to identify devices. -- **User Datagram Protocol (UDP)**: A lightweight, fast, but less reliable protocol compared to TCP, often used for streaming and gaming applications. - -## IP Addresses - -An IP address is a unique identifier assigned to every device in a network. 
There are two types of IP addresses: - -- **IPv4**: Uses a 32-bit addressing system, allowing for approximately 4.3 billion unique IP addresses. -- **IPv6**: Uses a 128-bit addressing system, providing a significantly larger number of available IP addresses. - -IP addresses can also be categorized as dynamic or static, depending on whether they change over time or remain constant for a device. - -## OSI Model - -The Open Systems Interconnection (OSI) model is a conceptual framework used to understand and describe how different network protocols interact. It divides networking functions into seven distinct layers: - -- **Physical Layer**: Deals with the physical connection between devices, including cabling and hardware. -- **Data Link Layer**: Handles the communication between adjacent devices on the same network. -- **Network Layer**: Identifies the best route for data packets and manages IP addresses. -- **Transport Layer**: Ensures the reliable transmission of data, including error checking and flow control. -- **Session Layer**: Establishes, maintains, and terminates connections between applications on different devices. -- **Presentation Layer**: Translates data into a format that is suitable for transmission between devices. -- **Application Layer**: Represents the user interface with which applications interact. - -Mastering the basics of computer networking is key to understanding and implementing effective cyber security measures. This chapter has covered essential networking concepts, but it is important to continually expand your knowledge in this ever-evolving field. 
- -- [@article@What is Computer Networking?](https://tryhackme.com/room/whatisnetworking) -- [@video@Learn Networking in 3 hours (basics for cybersecurity and DevOps)](https://www.youtube.com/watch?v=iSOfkw_YyOU\&t=1549s) -- [@feed@Explore top posts about Networking](https://app.daily.dev/tags/networking?ref=roadmapsh) +- [@article@Networking basics - What you need to know](https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/networking-basics.html) +- [@video@Computer Networking in 100 seconds](https://www.youtube.com/watch?v=keeqnciDVOo) +- [@video@Computer Networks: Crash Course Computer Science #28](https://www.youtube.com/watch?v=3QhU9jd03a0) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/basics-of-ids-and-ips@FJsEBOFexbDyAj86XWBCc.md b/src/data/roadmaps/cyber-security/content/basics-of-ids-and-ips@FJsEBOFexbDyAj86XWBCc.md index a07f21b0a..de9472929 100644 --- a/src/data/roadmaps/cyber-security/content/basics-of-ids-and-ips@FJsEBOFexbDyAj86XWBCc.md +++ b/src/data/roadmaps/cyber-security/content/basics-of-ids-and-ips@FJsEBOFexbDyAj86XWBCc.md 
@@ -6,31 +6,10 @@ When it comes to cybersecurity, detecting and preventing intrusions is crucial f An Intrusion Detection System (IDS) is a critical security tool designed to monitor and analyze network traffic or host activities for any signs of malicious activity, policy violations, or unauthorized access attempts. Once a threat or anomaly is identified, the IDS raises an alert to the security administrator for further investigation and possible actions. -There are two types of IDS: - -- **Network-Based Intrusion Detection System (NIDS)**: This type of IDS is deployed on network devices such as routers, switches, or firewalls to monitor and analyze the traffic between hosts within the network. - -- **Host-Based Intrusion Detection System (HIDS)**: This type of IDS is installed on individual hosts, such as servers or workstations, to monitor and analyze the activities on that specific host. - ## What is Intrusion Prevention System (IPS)? An Intrusion Prevention System (IPS) is an advanced security solution closely related to IDS. While an IDS mainly focuses on detecting and alerting about intrusions, an IPS takes it a step further and actively works to prevent the attacks. It monitors, analyzes, and takes pre-configured automatic actions based on suspicious activities, such as blocking malicious traffic, reseting connections, or dropping malicious packets. -There are two types of IPS: - -- **Network-Based Intrusion Prevention System (NIPS)**: This type of IPS is deployed in-line with network devices and closely monitors network traffic, making it possible to take actions in real-time. - -- **Host-Based Intrusion Prevention System (HIPS)**: This type of IPS is installed on individual hosts and actively prevents attacks by controlling inputs and outputs on the host, restricting access to resources, and making use of application-level controls. - -## Key Takeaways - -- IDS and IPS are essential components of a robust cybersecurity strategy. 
-- IDS focuses on detecting and alerting about potential intrusions, while IPS takes it further by actively preventing and mitigating attacks. -- Network-based systems protect networks, while host-based systems protect individual hosts within a network. -- Regularly updating and configuring IDS/IPS is necessary to continually defend against evolving threats. - -By understanding the basics of IDS and IPS, you can better evaluate your security needs and take the right steps to protect your network and hosts from potential intruders. - Learn more from the following resources: - [@video@Intrusion Prevention System (IPS)](https://www.youtube.com/watch?v=7QuYupuic3Q) diff --git a/src/data/roadmaps/cyber-security/content/basics-of-nas-and-san@umbMBQ0yYmB5PgWfY6zfO.md b/src/data/roadmaps/cyber-security/content/basics-of-nas-and-san@umbMBQ0yYmB5PgWfY6zfO.md index a50ba6338..25693d48c 100644 --- a/src/data/roadmaps/cyber-security/content/basics-of-nas-and-san@umbMBQ0yYmB5PgWfY6zfO.md +++ b/src/data/roadmaps/cyber-security/content/basics-of-nas-and-san@umbMBQ0yYmB5PgWfY6zfO.md 
@@ -1,36 +1,11 @@ # Basics of NAS and SAN -Network Attached Storage (NAS) and Storage Area Network (SAN) technologies play a crucial role in managing data within an organization and serve as the building blocks for a more comprehensive IT infrastructure. +Network Attached Storage (NAS) and Storage Area Network (SAN) are both technologies used for storing and managing data, but they operate in different ways and serve different purposes. NAS is a dedicated file storage device that connects to a network, allowing multiple users and devices to access files over a shared network. It operates at the file level and uses standard networking protocols such as NFS or SMB/CIFS, making it easy to set up and manage, especially for small to medium-sized businesses. NAS devices are ideal for sharing files, providing backups, and enabling centralized data access across multiple users in a local network. -## Network Attached Storage (NAS) +SAN, on the other hand, is a high-performance, specialized network designed to provide block-level storage, which means it acts as a direct-attached storage device to servers. SAN uses protocols such as Fibre Channel or iSCSI and is typically employed in large enterprise environments where fast, high-capacity, and low-latency storage is critical for applications like databases and virtualized systems. While NAS focuses on file sharing across a network, SAN is designed for more complex, high-speed data management, enabling servers to access storage as if it were directly connected to them. Both NAS and SAN are vital components of modern data storage infrastructure but are chosen based on the specific performance, scalability, and management needs of the organization. -NAS is a high-capacity storage solution that operates on a data file level, allowing multiple users and clients to access, store, and retrieve data from a centralized location over a network. 
NAS devices are generally connected to a local area network (LAN) and use various file-sharing protocols, such as NFS (Network File System), SMB/CIFS (Server Message Block/Common Internet File System), or AFP (Apple Filing Protocol). +Learn more from the following resources: -Some key features of a NAS system include: - -- **Ease of Deployment**: NAS devices are simple to install and configure, facilitating quick integration into existing network infrastructures. -- **Scalability**: NAS systems can be easily expanded to accommodate growing storage needs by adding more drives or units. -- **Data Protection**: Most NAS devices offer data protection features such as RAID (Redundant Array of Independent Disks), data backup, and data encryption. - -## Storage Area Network (SAN) - -SAN is a high-performance, dedicated storage network designed to provide block-level data storage for applications and servers. Unlike NAS, which uses file-sharing protocols, SANs utilize block-based protocols such as Fibre Channel (FC) and iSCSI (Internet Small Computer System Interface) to handle storage requests. - -SANs offer several advantages in terms of performance, reliability, and scalability: - -- **Performance**: SANs can handle low-latency, high-speed data transfers, providing optimal performance for mission-critical applications and large-scale virtualization. -- **Fault Tolerance**: SANs are designed to provide redundancy and failover capabilities, ensuring continued access to data in the event of hardware failures. -- **Scalability**: SANs can be easily scaled by adding more disk arrays, switches, or connections to meet growing storage demands. - -## NAS vs. SAN: Choosing the Right Solution - -When it comes to deciding between NAS and SAN, there are several factors to consider: - -- **Cost**: NAS devices are generally more affordable than SANs, making them an attractive option for smaller organizations or environments with limited budgets. 
-- **Infrastructure**: NAS solutions can be more easily integrated into existing network infrastructures, whereas SANs may require dedicated hardware, connections, and management tools. -- **Performance Requirements**: If you need high-performance storage for intensive applications, SANs may be a more appropriate choice than NAS. -- **Data Management**: While NAS solutions excel in handling file-based storage, SANs provide better support for block-level storage and can deliver improved performance for virtualized environments and database applications. - -It's essential to evaluate your organization's specific needs and requirements to determine which storage solution is the most appropriate fit. As you expand your knowledge in cyber security, a solid understanding of both NAS and SAN technologies will prove invaluable in implementing secure and efficient data storage systems. - -- [@video@NAS vs SAN](https://youtu.be/3yZDDr0JKVc) \ No newline at end of file +- [@video@What is a NAS](https://www.youtube.com/watch?v=ZwhT-KI16jo) +- [@video@What is a Storage Area Network](https://www.youtube.com/watch?v=7eGw4vhyeTA) +- [@article@NAS vs SAN - What are the differences?](https://www.backblaze.com/blog/whats-the-diff-nas-vs-san/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/basics-of-reverse-engineering@uoGA4T_-c-2ip_zfEUcJJ.md b/src/data/roadmaps/cyber-security/content/basics-of-reverse-engineering@uoGA4T_-c-2ip_zfEUcJJ.md index 9f7cd366f..a501391d4 100644 --- a/src/data/roadmaps/cyber-security/content/basics-of-reverse-engineering@uoGA4T_-c-2ip_zfEUcJJ.md +++ b/src/data/roadmaps/cyber-security/content/basics-of-reverse-engineering@uoGA4T_-c-2ip_zfEUcJJ.md 
@@ -1,48 +1,10 @@ # Basics of Reverse Engineering -Reverse engineering is the process of analyzing a system, component, or software to understand how it works and deduce its design, architecture, or functionality. It is a critical skill in cybersecurity, as it helps security professionals uncover the potential attack vectors, hidden vulnerabilities, and underlying intentions of a piece of software or hardware. +Reverse engineering is the process of deconstructing a system, software, or hardware to understand its internal workings, design, and functionality without having access to its source code or original documentation. In cybersecurity, reverse engineering is often used to analyze malware or software vulnerabilities to uncover how they operate, allowing security professionals to develop defenses, patches, or detection methods. This involves breaking down the binary code, disassembling it into machine code, and then interpreting it to understand the logic, behavior, and intent behind the program. -In this section, we will cover the basic concepts and techniques of reverse engineering that every cybersecurity professional should be familiar with. +Reverse engineering can also be used in hardware to investigate a device's design or performance, or in software development for compatibility, debugging, or enhancing legacy systems. The process typically includes static analysis, where the code is examined without execution, and dynamic analysis, where the program is executed in a controlled environment to observe its runtime behavior. The insights gained through reverse engineering are valuable for improving security, fixing bugs, or adapting systems for different uses. However, it’s important to be aware of the legal and ethical boundaries, as reverse engineering certain software or hardware can violate intellectual property rights. -## Static Analysis Vs. 
Dynamic Analysis +Learn more from the following resources: -There are two main approaches to reverse engineering: static analysis and dynamic analysis. Static analysis involves examining the code and structure of a software without executing it. This includes analyzing the source code, if available, or examining the binary executable using disassemblers or decompilers. - -Dynamic analysis, on the other hand, involves executing the software while observing and monitoring its behaviors and interactions with other components or systems. This analysis is typically performed in controlled environments, such as virtual machines or sandbox environments, to minimize potential risks. - -Both approaches have their merits and limitations, and combining them is often the most effective way to gain a comprehensive understanding of the target system. - -## Disassemblers and Decompilers - -Disassemblers and decompilers are essential tools in reverse engineering, as they help transform binary executables into a more human-readable format. - -- **Disassemblers** convert machine code (binary executable) into assembly language, a low-level programming language that is more human-readable than raw machine code. Assembly languages are specific to the CPU architectures, such as x86, ARM, or MIPS. -- **Decompilers** attempt to reverse-engineer binary executables into high-level programming languages, such as C or C++, by interpreting the structures and patterns in the assembly code. Decompilation, however, is not always perfect and may generate code that is more difficult to understand than assembly. - -Some popular disassemblers and decompilers are: - -- [@article@IDA Pro](https://www.hex-rays.com/products/ida/) -- [@article@Ghidra](https://ghidra-sre.org/) -- [@article@Hopper](https://www.hopperapp.com/) - -## Debuggers - -Debuggers are another essential tool for reverse engineering, as they allow you to execute a program and closely monitor its behavior during runtime. 
Debuggers provide features such as setting breakpoints, stepping through code, and examining memory contents. - -Some popular debuggers include: - -- [@article@OllyDbg](http://www.ollydbg.de/) -- [@article@GDB](https://www.gnu.org/software/gdb/) -- [@article@x64dbg](https://x64dbg.com/) - -## Common Reverse Engineering Techniques - -Here are some basic reverse engineering techniques: - -- **Control flow analysis:** Understanding the execution flow of a program, such as loops, branches, and conditional statements, to determine how the program behaves under certain conditions. -- **Data flow analysis:** Analyzing how data is passed between different parts of a program and tracing the origin and destination of data. -- **System call analysis:** Examining system calls made by a program to understand how it interacts with the operating system, hardware, or external resources. -- **Cryptographic analysis:** Identifying and analyzing encryption and decryption algorithms used within a program or analyzing any cryptographic keys or certificates that may be present. -- **Pattern recognition:** Identifying common patterns, structures, or routines in code that may indicate the use of known algorithms or frameworks. - -Remember that mastering the art of reverse engineering takes time and practice. As you delve deeper into the world of reverse engineering, you will develop the ability to recognize patterns, understand complex systems, and ultimately, better defend against cyber threats. +- [@course@Reverse Engineering for Everyone!](https://0xinfection.github.io/reversing/) +- [@video@What is reverse engineering?](https://www.youtube.com/watch?v=gh2RXE9BIN8) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/basics-of-subnetting@E8Z7qFFW-I9ivr0HzoXCq.md b/src/data/roadmaps/cyber-security/content/basics-of-subnetting@E8Z7qFFW-I9ivr0HzoXCq.md index b1d91b38c..eadadb613 100644 
--- a/src/data/roadmaps/cyber-security/content/basics-of-subnetting@E8Z7qFFW-I9ivr0HzoXCq.md +++ b/src/data/roadmaps/cyber-security/content/basics-of-subnetting@E8Z7qFFW-I9ivr0HzoXCq.md 
@@ -1,53 +1,11 @@ # Basics of Subnetting -Subnetting is the process of dividing an IP network into smaller sub-networks called subnets. It allows better allocation of IP addresses and provides better organization, control, and security for the network. Here we go through some of the basic concepts of subnetting and why it's crucial for cybersecurity. +Subnetting is a technique used in computer networking to divide a large network into smaller, more manageable sub-networks, or "subnets." It enhances network performance and security by reducing broadcast traffic and enabling better control over IP address allocation. Each subnet has its own range of IP addresses, which allows network administrators to optimize network traffic and reduce congestion by isolating different sections of a network. -## IP Addresses and Subnet Masks +In subnetting, an IP address is split into two parts: the network portion and the host portion. The network portion identifies the overall network, while the host portion identifies individual devices within that network. Subnet masks are used to define how much of the IP address belongs to the network and how much is reserved for hosts. By adjusting the subnet mask, administrators can create multiple subnets from a single network, with each subnet having a limited number of devices. Subnetting is particularly useful for large organizations, allowing them to efficiently manage IP addresses, improve security by segmenting different parts of the network, and control traffic flow by minimizing unnecessary data transmissions between segments. -An IP address is a unique identifier for devices on a network. It consists of two parts: the network address and the host address. The network address indicates the network to which a device belongs, while the host address identifies the specific device within that network. 
+Learn more from the following resources: -Subnet masks are used to define which portion of an IP address is the network address and which is the host address. For example, in the IP address `192.168.1.5`, and subnet mask `255.255.255.0`, the network address is `192.168.1.0`, and the host address is `5`. - -## Why Subnetting? - -Subnetting has several advantages, including: - -- **Improved Network Performance**: Breaking a large network into smaller subnets helps reduce congestion and improve overall performance. -- **Enhanced Security**: By isolating different parts of a network, you can control access and limit the spread of potential threats. -- **Easier Administration**: Smaller networks are easier to manage and maintain, as it's simpler to track issues and allocate resources. - -## Subnetting Process - -The process of subnetting involves the following steps: - -- **Choose the Appropriate Subnet Mask**: Determine the right subnet mask for your network based on the number of required subnets and hosts. The more subnets you need, the more bits you will "borrow" from the host portion of the IP address. - -- **Divide the Network into Subnets**: Calculate the subnet addresses by incrementing the network portion of the IP address by the value of the borrowed bits. - -- **Determine Host Ranges**: Calculate the valid host addresses within each subnet by identifying the first and last usable IP addresses. Remember that the first address in a subnet is the network address, and the last address is used for broadcasting. - -- **Assign IP Addresses**: Allocate IP addresses to devices within their respective subnets, and configure devices with the correct subnet mask. - -## Example - -Let's suppose we have the network `192.168.1.0` with a subnet mask of `255.255.255.0`. We want to create four smaller subnets. Here's how we can do it: - -- `255.255.255.0` in binary is `11111111.11111111.11111111.00000000`. 
We can borrow 2 bits from the host portion to create four subnets: `11111111.11111111.11111111.11000000`, which is `255.255.255.192` in decimal format. - -- Our subnets will have the following network addresses: - - - `192.168.1.0` - - `192.168.1.64` - - `192.168.1.128` - - `192.168.1.192` - -- The valid host ranges within each subnet are: - - - `192.168.1.1 - 192.168.1.62` - - `192.168.1.65 - 192.168.1.126` - - `192.168.1.129 - 192.168.1.190` - - `192.168.1.193 - 192.168.1.254` - -- Allocate IP addresses from these host ranges to devices within their respective subnets, and configure devices with the correct subnet mask (`255.255.255.192`). - -Understanding the basics of subnetting is essential to properly configuring and securing your network. By efficiently dividing your network into smaller subnets, you can optimize performance, organization, and security. +- [@article@Networking Basics: What is IPv4 Subnetting?](https://www.cbtnuggets.com/blog/technology/networking/networking-basics-what-is-ipv4-subnetting) +- [@video@Lets subnet your home network!](https://www.youtube.com/watch?v=mJ_5qeqGOaI&list=PLIhvC56v63IKrRHh3gvZZBAGvsvOhwrRF&index=6) +- [@video@Subnetting for hackers](https://www.youtube.com/watch?v=o0dZFcIFIAw) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/basics-of-threat-intel-osint@wN5x5pY53B8d0yopa1z8F.md b/src/data/roadmaps/cyber-security/content/basics-of-threat-intel-osint@wN5x5pY53B8d0yopa1z8F.md index d1800a67d..f6fd451a6 100644 --- a/src/data/roadmaps/cyber-security/content/basics-of-threat-intel-osint@wN5x5pY53B8d0yopa1z8F.md +++ b/src/data/roadmaps/cyber-security/content/basics-of-threat-intel-osint@wN5x5pY53B8d0yopa1z8F.md 
@@ -1,42 +1,10 @@ # Basics of Threat Intel, OSINT -Open Source Intelligence (OSINT) is a crucial part of cyber threat intelligence (CTI). It refers to the collection and analysis of publicly available information from various sources to identify potential threats to an organization's information security. +Threat Intelligence (Threat Intel) and Open-Source Intelligence (OSINT) are both critical components in cybersecurity that help organizations stay ahead of potential threats. Threat Intelligence refers to the collection, analysis, and dissemination of information about potential or current attacks targeting an organization. This intelligence typically includes details on emerging threats, attack patterns, malicious IP addresses, and indicators of compromise (IoCs), helping security teams anticipate, prevent, or mitigate cyberattacks. Threat Intel can be sourced from both internal data (such as logs or past incidents) and external feeds, and it helps in understanding the tactics, techniques, and procedures (TTPs) of adversaries. -## Why is OSINT important for threat intelligence? +OSINT, a subset of Threat Intel, involves gathering publicly available information from open sources to assess and monitor threats. These sources include websites, social media, forums, news articles, and other publicly accessible platforms. OSINT is often used for reconnaissance to identify potential attack vectors, compromised credentials, or leaks of sensitive data. It’s also a valuable tool in tracking threat actors, as they may leave traces in forums or other public spaces. Both Threat Intel and OSINT enable organizations to be more proactive in their cybersecurity strategies by identifying vulnerabilities, understanding attacker behavior, and implementing timely defenses based on actionable insights. 
-OSINT plays a significant role in achieving comprehensive threat intelligence by offering valuable insights into various threat actors, their tactics, techniques, and procedures (TTPs). By leveraging OSINT, security teams can: +Learn more from the following resources: -- Identify and track adversaries targeting their organization -- Gain knowledge about the latest attack strategies and trends -- Evaluate the effectiveness of existing security measures -- Develop proactive defense strategies to mitigate potential threats - -## Key OSINT Sources - -There are numerous sources of OSINT data that can be valuable for threat intelligence. Some of the main sources include: - -- **Publicly accessible websites and blogs**: Security researchers, hackers, and threat actors frequently share information about their findings, tools, and techniques in their blogs and websites. - -- **Social media platforms**: Social media platforms like Twitter, Reddit, and LinkedIn offer a wealth of information about threat actors' activities and can act as a valuable resource for threat intelligence. - -- **Security-related conference materials**: Many industry conferences and workshops publish their research papers, video recordings, and presentations online, allowing you to gather valuable insights from experts in the field. - -- **Online forums and chat rooms**: Hacker forums, online chat rooms, and bulletin boards often contain discussions related to the latest vulnerabilities, exploits, and attack techniques. - -- **Pastebin and GitHub**: These platforms offer code snippets and repositories that may contain working hacking tools or proof-of-concept exploits, making them valuable sources of OSINT. 
- -## Best Practices for OSINT Collection - -Collecting and analyzing OSINT for threat intelligence may seem like a daunting task, but by following these best practices, you can effectively incorporate it into your cyber defense strategies: - -- **Set clear goals and objectives**: Define what you want to achieve with your OSINT collection efforts and how it contributes to your organization's threat intelligence initiatives. - -- **Establish a methodology**: Develop a structured approach and process for searching, collecting, and analyzing OSINT data. - -- **Filter your data**: As the volume of data available from OSINT sources can be overwhelming, it's essential to filter the data gathered effectively. Prioritize information that is relevant to your organizational context and specific intelligence requirements. - -- **Maintain up-to-date knowledge**: Regularly review newly available OSINT and stay current with the latest tactics, techniques, and procedures utilized by threat actors. - -- **Collaborate and share with peers**: The security community is known for collaboration and knowledge sharing. Engage with other security professionals to benefit from their knowledge and experience. - -In conclusion, OSINT is a significant aspect of threat intelligence that helps organizations identify and mitigate potential security threats. By effectively collecting and analyzing OSINT, you can gain a better understanding of the ever-evolving threat landscape and develop more effective strategies to protect your organization. +- [@article@OSINT Framework](https://osintframework.com/) +- [@course@Open-Source Intelligence (OSINT) in 5 Hours](https://www.youtube.com/watch?v=qwA6MmbeGNo&t=457s) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/basics-of-vulnerability-management@lcxAXtO6LoGd85nOFnLo8.md b/src/data/roadmaps/cyber-security/content/basics-of-vulnerability-management@lcxAXtO6LoGd85nOFnLo8.md index 29d09d3dd..af63657b6 100644 
--- a/src/data/roadmaps/cyber-security/content/basics-of-vulnerability-management@lcxAXtO6LoGd85nOFnLo8.md +++ b/src/data/roadmaps/cyber-security/content/basics-of-vulnerability-management@lcxAXtO6LoGd85nOFnLo8.md 
@@ -1,24 +1,12 @@ # Basics of Vulnerability Management -Vulnerability management is a crucial aspect of cybersecurity, as it helps organizations to identify, prioritize, and remediate potential risks in their networks, systems, and applications. It involves continuous processes and practices designed to protect sensitive data by reducing the attack surface and minimizing the likelihood of a breach. +Vulnerability management is the process of identifying, evaluating, prioritizing, and mitigating security vulnerabilities in an organization's systems, applications, and networks. It is a continuous, proactive approach to safeguarding digital assets by addressing potential weaknesses that could be exploited by attackers. The process begins with **vulnerability scanning**, where tools are used to detect known vulnerabilities by analyzing software, configurations, and devices. -## Importance of Vulnerability Management +Once vulnerabilities are identified, they are **assessed and prioritized** based on factors such as severity, potential impact, and exploitability. Organizations typically use frameworks like CVSS (Common Vulnerability Scoring System) to assign risk scores to vulnerabilities, helping them focus on the most critical ones first. -- **Prevent cyberattacks**: By addressing vulnerabilities before they can be exploited, organizations reduce the chances of successful attacks and protect their critical assets. -- **Comply with regulations**: Organizations must adhere to various data protection standards and regulations, such as GDPR, HIPAA, or PCI DSS. A robust vulnerability management program can help meet these requirements. -- **Maintain customer trust**: Frequent security breaches can lead to reputational damages, making it vital to prioritize vulnerability management as a means to safeguard customer data. 
-- **Save costs**: Proactively identifying and mitigating vulnerabilities reduces the financial implications of dealing with a security breach, including the costs of incident response, legal liabilities, and penalties. +Next, **remediation** is carried out through patching, configuration changes, or other fixes. In some cases, mitigation may involve applying temporary workarounds until a full patch is available. Finally, continuous **monitoring and reporting** ensure that new vulnerabilities are swiftly identified and addressed, maintaining the organization's security posture. Vulnerability management is key to reducing the risk of exploitation and minimizing the attack surface in today's complex IT environments. -## Components of Vulnerability Management +Learn more from the following resources: -- **Vulnerability Assessment**: Regular vulnerability assessments are essential to identify security weaknesses. This includes scanning networks, system components, software, and applications to identify existing vulnerabilities. - -- **Risk Analysis**: After identifying vulnerabilities, it is essential to assess their potential risks. This involves determining the likelihood and impact of each vulnerability, prioritizing them based on severity, and deciding which vulnerabilities to address first. - -- **Remediation**: The remediation process involves implementing patches, updates, or configuration changes to address the identified vulnerabilities. It is crucial to regularly review and ensure that patches have been applied effectively to prevent further exploitation. - -- **Verification**: After remediation, organizations must verify that the implemented solutions have effectively eliminated the risk posed by the vulnerability. Verification processes may include re-scanning and penetration testing. 
- -- **Reporting**: Maintaining comprehensive and accurate records of vulnerability management activities is essential for regulatory compliance and informing key stakeholders about the organization's security posture. Regular reporting can also aid in identifying problem areas and trends, allowing decision-makers to allocate resources and plan accordingly. - -By implementing a thorough vulnerability management program, organizations can significantly reduce their risk exposure and improve their overall cybersecurity posture. In today's digital landscape, proactively managing vulnerabilities is a critical step in safeguarding sensitive information and maintaining customer trust. +- [@article@What is vulnerability management?](https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/) +- [@video@Vulnerability Management explained by experts](https://www.youtube.com/watch?v=RE6_Lo2wSIg) diff --git a/src/data/roadmaps/cyber-security/content/blue--red--purple-teams@7tDxTcKJNAUxbHLPCnPFO.md b/src/data/roadmaps/cyber-security/content/blue--red--purple-teams@7tDxTcKJNAUxbHLPCnPFO.md index 8b886aedc..3f69b4be2 100644 --- a/src/data/roadmaps/cyber-security/content/blue--red--purple-teams@7tDxTcKJNAUxbHLPCnPFO.md +++ b/src/data/roadmaps/cyber-security/content/blue--red--purple-teams@7tDxTcKJNAUxbHLPCnPFO.md 
@@ -2,43 +2,10 @@ In the context of cybersecurity, Blue Team, Red Team, and Purple Team are terms used to describe different roles and methodologies employed to ensure the security of an organization or system. Let's explore each one in detail. -## Blue Team +In cybersecurity, Blue Team and Red Team refer to opposing groups that work together to improve an organization's security posture. The Blue Team represents defensive security personnel who protect systems and networks from attacks, while the Red Team simulates real-world adversaries to test the Blue Team's defenses. Purple Team bridges the gap between the two, facilitating collaboration and knowledge sharing to enhance overall security effectiveness. This approach combines the defensive strategies of the Blue Team with the offensive tactics of the Red Team, creating a more comprehensive and dynamic security framework that continuously evolves to address emerging threats and vulnerabilities. -The Blue Team is responsible for defending an organization's information systems, networks, and critical assets from security threats. They are tasked with the ongoing monitoring of systems, detecting and responding to potential security incidents, and implementing protective measures. +Learn more from the following resources: -**Key activities of the Blue Team:** - -- Develop and implement security policies and procedures -- Perform vulnerability assessments and risk assessments -- Deploy security tools and technologies (e.g., firewalls, intrusion detection systems, etc.) -- Monitor logs and analyze security events for potential threats -- Respond to and investigate security incidents -- Conduct security awareness and training programs - -## Red Team - -The Red Team's primary goal is to simulate real-world attacks, identify vulnerabilities, and test the effectiveness of the Blue Team's defensive strategies. 
They are external or internal team members that act like adversaries, using creativity, and advanced techniques to test an organization's cybersecurity defenses. - -**Key activities of the Red Team:** - -- Perform regular penetration testing and security assessments -- Use social engineering techniques to exploit human weaknesses -- Analyze and exploit vulnerabilities in systems, networks, and applications -- Emulate advanced persistent threats and attack scenarios -- Provide actionable insights to improve the organization's security posture - -## Purple Team - -The Purple Team bridges the gap between the Blue Team and Red Team, helping to create a more collaborative environment. They facilitate communication and information sharing between the two teams, ultimately aiming to improve the overall effectiveness of a security program. - -**Key activities of the Purple Team:** - -- Coordinate and plan joint exercises between Blue Team and Red Team -- Share knowledge, techniques, and findings between the teams -- Assist with the implementation of identified security improvements -- Evaluate and measure the effectiveness of security controls -- Foster a culture of continuous improvement and collaboration - -By investing in Blue, Red, and Purple Team efforts, organizations can achieve a more robust and resilient security posture, capable of withstanding and adapting to ever-evolving threats. - -- [@article@Red Team Fundamentals (TryHackMe)](https://tryhackme.com/room/redteamfundamentals) \ No newline at end of file +- [@article@What is a blue team?](https://www.checkpoint.com/cyber-hub/cyber-security/what-is-a-blue-team/) +- [@article@What is red teaming?](https://www.ibm.com/think/topics/red-teaming) +- [@article@Purple teaming explained](https://www.crowdstrike.com/cybersecurity-101/purple-teaming/) 
diff --git a/src/data/roadmaps/cyber-security/content/bluetooth@DbWf5LdqiByPiJa4xHtl_.md b/src/data/roadmaps/cyber-security/content/bluetooth@DbWf5LdqiByPiJa4xHtl_.md index da6c8e1fa..f2a7f1186 100644 --- a/src/data/roadmaps/cyber-security/content/bluetooth@DbWf5LdqiByPiJa4xHtl_.md +++ b/src/data/roadmaps/cyber-security/content/bluetooth@DbWf5LdqiByPiJa4xHtl_.md 
@@ -1,21 +1,8 @@ # Bluetooth -**Bluetooth** is a wireless technology used to transfer data between devices over short distances. It operates in the 2.4 GHz frequency band and offers a reasonably secure means of communication between devices like smartphones, computers, headphones, and more. +Bluetooth is a short-range wireless technology standard used for exchanging data between fixed and mobile devices over short distances. While it offers convenience for connecting peripherals and transferring information, it also presents several security concerns in the cybersecurity landscape. Bluetooth vulnerabilities can potentially allow attackers to intercept communications, execute malicious code, or gain unauthorized access to devices. Common attacks include bluejacking, bluesnarfing, and bluebugging. To mitigate these risks, cybersecurity professionals recommend regularly updating device firmware, using the latest Bluetooth protocols, enabling encryption, and turning off Bluetooth when not in use. Despite ongoing security improvements, Bluetooth remains an attack vector that requires vigilant monitoring and protection in both personal and enterprise environments. -Below are some key points about Bluetooth: +Learn more from the following resources: -- **Short-range communication**: Bluetooth typically works within a radius of 10 meters (33 feet), giving it a significant advantage in terms of power consumption when compared to other wireless technologies such as Wi-Fi. The short range also reduces the chances of interference between devices. - -- **Low power consumption**: Bluetooth devices are designed to use relatively low power compared to other wireless technologies. This aspect contributes to their widespread adoption in battery-powered devices like wearable gadgets and IoT sensors. - -- **Convenience**: Bluetooth allows for easy, automatic connection between devices once they have been paired. 
This 'pair and play' functionality ensures users can quickly establish connectivity between their devices with minimal effort. - -- **Security**: Bluetooth includes security features like encryption and authentication, which ensure secure communication between paired devices. However, users must remain vigilant in terms of keeping their devices up-to-date with the latest Bluetooth security patches and protocols. - -- **Potential vulnerabilities**: Despite its built-in security measures, Bluetooth is not immune to cyber attacks. Some common risks include "bluejacking" (unauthorized sending of messages or files), "bluesnarfing" (unauthorized access to device data), and "BlueBorne" (an attack vector that exploits Bluetooth connections to infiltrate devices and spread malware). Users should be cautious in their usage of Bluetooth and follow best practices like not accepting unknown connection requests and turning off Bluetooth when not in use. - -In conclusion, Bluetooth offers a convenient means of connecting devices wirelessly. While it provides reasonably secure communication, users must stay informed about potential vulnerabilities and follow good security practices to safeguard their devices. - -- [@article@Bluetooth security risks to know (and how to avoid them)](https://us.norton.com/blog/mobile/bluetooth-security) -- [@official@Bluetooth security best practices from official website](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/) -- [@feed@Explore top posts about Bluetooth](https://app.daily.dev/tags/bluetooth?ref=roadmapsh) +- [@article@Bluetooth in Cyber Security](https://www.zenarmor.com/docs/network-basics/what-is-bluetooth) +- [@video@Everything about Bluetooth Security](https://www.youtube.com/watch?v=i9mzl51ammA) diff --git a/src/data/roadmaps/cyber-security/content/box@4Man3Bd-ySLFlAdxbLOHw.md b/src/data/roadmaps/cyber-security/content/box@4Man3Bd-ySLFlAdxbLOHw.md index edf8f6851..a99dcfa87 100644 
--- a/src/data/roadmaps/cyber-security/content/box@4Man3Bd-ySLFlAdxbLOHw.md +++ b/src/data/roadmaps/cyber-security/content/box@4Man3Bd-ySLFlAdxbLOHw.md 
@@ -1,24 +1,7 @@ # Box -[Box](https://www.box.com/) is a popular cloud storage service that provides individuals and businesses with a platform to securely store, share, and access files and documents from any device. Box is known for its emphasis on security and collaboration features, making it an ideal choice for businesses who want a secure way to share and collaborate on files with their teams. +Box is a popular cloud storage service that provides individuals and businesses with a platform to securely store, share, and access files and documents from any device. Box is known for its emphasis on security and collaboration features, making it an ideal choice for businesses who want a secure way to share and collaborate on files with their teams. -## Features +Learn more from the following resources: -- **Security:** Box ensures the data stored within their platform is secure by implementing various security measures, such as encryption (in-transit and at-rest), multi-factor authentication, and granular access controls. -- **Collaboration:** Users can easily invite collaborators, assign permissions, and share files via secure links within Box. It also features real-time document editing and file version history. -- **Integrations:** Box integrates with several other applications and services, such as Microsoft Office 365, Google Workspace, Salesforce, Slack, and more. -- **Box Drive:** With Box Drive, users can access and work on their files directly from the desktop, without downloading them locally, making it easy to keep files up-to-date. - -## Pricing - -Box offers a [variety of pricing plans](https://www.box.com/pricing), catering to different user requirements. These include: - -- **Individual Plan:** Free, with limited storage and features. -- **Personal Pro Plan:** $10/month, includes 100GB storage, larger file size support, and additional features. 
-- **Business Plans:** Starting at $5/user/month, tailored to meet the needs of small to enterprise-level businesses, with increased storage, advanced security, and much more. - -## Privacy & Compliance - -Box is compliant with various international privacy laws and regulations, such as GDPR, HIPAA, and FedRAMP. It also undergoes third-party audits and assessments to verify the efficacy of their security measures. - -In conclusion, Box is a highly secure and feature-rich cloud storage service that is specifically designed for businesses and individuals who require advanced security and collaboration functionality. +- [@official@Box Website](https://www.box.com/en-gb/home) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/brute-force-vs-password-spray@Q0i-plPQkb_NIvOQBVaDd.md b/src/data/roadmaps/cyber-security/content/brute-force-vs-password-spray@Q0i-plPQkb_NIvOQBVaDd.md index 13b5281c5..77b42166c 100644 --- a/src/data/roadmaps/cyber-security/content/brute-force-vs-password-spray@Q0i-plPQkb_NIvOQBVaDd.md +++ b/src/data/roadmaps/cyber-security/content/brute-force-vs-password-spray@Q0i-plPQkb_NIvOQBVaDd.md @@ -11,3 +11,5 @@ Password Spray is a more targeted and stealthy method of password cracking where Visit the following resources to learn more: - [@article@Brute force vs. Password Spray attack](https://www.inspark.nl/brute-force-vs-password-spray-attack-in-azure-sentinel/) +- [@article@What is password praying?](https://www.techtarget.com/whatis/definition/password-spraying) +- [@article@What is a brute force attack?](https://www.fortinet.com/resources/cyberglossary/brute-force-attack) diff --git a/src/data/roadmaps/cyber-security/content/buffer-overflow@n8ZOZxNhlnw7DpzoXe_f_.md b/src/data/roadmaps/cyber-security/content/buffer-overflow@n8ZOZxNhlnw7DpzoXe_f_.md index 9e95c162f..6a50f620a 100644 --- a/src/data/roadmaps/cyber-security/content/buffer-overflow@n8ZOZxNhlnw7DpzoXe_f_.md 
+++ b/src/data/roadmaps/cyber-security/content/buffer-overflow@n8ZOZxNhlnw7DpzoXe_f_.md @@ -5,5 +5,4 @@ A Buffer Overflow is a type of vulnerability that occurs when a program or proce Visit the following resources to learn more: - [@article@What Is Buffer Overflow?](https://www.fortinet.com/resources/cyberglossary/buffer-overflow) - - [@article@Buffer Overflow Attack](https://www.imperva.com/learn/application-security/buffer-overflow/) diff --git a/src/data/roadmaps/cyber-security/content/bus@0DWh4WmLK_ENDuqQmQcu4.md b/src/data/roadmaps/cyber-security/content/bus@0DWh4WmLK_ENDuqQmQcu4.md index 0dc6e1555..22eac2c39 100644 --- a/src/data/roadmaps/cyber-security/content/bus@0DWh4WmLK_ENDuqQmQcu4.md +++ b/src/data/roadmaps/cyber-security/content/bus@0DWh4WmLK_ENDuqQmQcu4.md 
@@ -1,21 +1,8 @@ # Bus -A **bus topology** is a type of network configuration where all the devices or nodes in the network are connected to a single, central cable known as the bus, backbone or trunk. This common shared path serves as the medium for data transmission and communication amongst the nodes. +In the context of cybersecurity, a bus refers to a communication system that transfers data between components inside a computer or between computers. It's a critical part of computer architecture that can be vulnerable to various security threats. Attackers may attempt to exploit bus systems to intercept sensitive data, inject malicious code, or perform side-channel attacks. These vulnerabilities can exist at different levels, from the system bus connecting major computer components to expansion buses for peripheral devices. Securing bus communications involves implementing encryption, access controls, and monitoring for unusual activity. As buses play a crucial role in data transfer, protecting them is essential for maintaining the overall security and integrity of computer systems and networks. -## How Bus Topology Works +Learn more from the following resources: -In a bus topology, every node has a unique address that identifies it on the network. When a node wants to communicate with another node in the network, it broadcasts a message containing the destination node's address as well as its own address. All the nodes connected to the bus receive the message, but only the intended recipient with the matching address responds. - -## Advantages of Bus Topology - -- **Easy to set up**: Bus topology is relatively simple in terms of installation, as it requires less cable and minimal hardware. -- **Cost-effective**: Due to its simplicity and reduced cabling requirements, it's typically more affordable to implement than other topologies. -- **Expandable**: New nodes can be easily added to the network by connecting them to the bus. 
- -## Disadvantages of Bus Topology - -- **Limited Scalability**: As the number of nodes increases, network performance may decrease due to increased collisions and data transmission time. -- **Single point of failure**: If the central cable (bus) fails or gets damaged, the entire network will be affected and may result in a complete breakdown. -- **Maintenance difficulty**: Troubleshooting and identifying issues within the network can be challenging due to the shared path for data transmission. - -Bus topology can be an effective solution for small networks with minimal devices. However, as network size and complexity increase, other topologies such as star, ring, or mesh may be more suitable for maintaining efficiency and reliability. +- [@article@What is a bus?](https://www.lenovo.com/gb/en/glossary/bus/?srsltid=AfmBOoocoXVvqdupLu13XAm0FZMOHjRtjnnCCFxa59tEa-bQwhiVhac2) +- [@video@Computer buses](https://www.youtube.com/watch?v=aBCaCrC3z0k) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/c@8jj9hpe9jQIgCc8Txyw3O.md b/src/data/roadmaps/cyber-security/content/c@8jj9hpe9jQIgCc8Txyw3O.md index ee0dfdbf5..1c390481b 100644 --- a/src/data/roadmaps/cyber-security/content/c@8jj9hpe9jQIgCc8Txyw3O.md +++ b/src/data/roadmaps/cyber-security/content/c@8jj9hpe9jQIgCc8Txyw3O.md 
@@ -2,44 +2,7 @@ C++ is a widely-used, high-level programming language that evolved from the earlier C programming language. Developed by Bjarne Stroustrup in 1985 at Bell Labs, C++ provides object-oriented features and low-level memory manipulation, making it an essential language for many fields, including game development, high-performance systems, and cybersecurity. -## Key Features of C++: +Learn more form the following resources: -## Object-Oriented Programming (OOP) - -C++ is one of the first programming languages to support Object-Oriented Programming (OOP). It allows code to be modular and reusable through the use of classes and objects. - -## Performance - -C++ provides high performance, as it allows low-level access to memory and fine-grained control over system resources. This makes C++ suitable for performance-critical applications like network security systems and firewalls. - -## Compatibility - -C++ is highly compatible with the C programming language, which makes it easier for programmers to transition from C to C++. Many system-level libraries and applications written in C can be easily extended or integrated with C++ code. - -## Standard Template Library (STL) - -C++ comes with a rich library called the Standard Template Library (STL). The STL contains efficient templated data structures and algorithms, which can improve development speed and code quality. - -## Importance of C++ in Cybersecurity - -C++ is widely used in the development of cybersecurity tools and applications due to its efficiency, low-level access, and compatibility with existing systems. Some reasons for its importance in cybersecurity include: - -- **Developing Security Software:** C++ is commonly used in developing antivirus software, firewalls, intrusion detection systems, and other security tools due to its strong performance capabilities. 
- -- **Reverse Engineering and Exploit Development:** Cybersecurity professionals often use C++ to reverse-engineer malware, study their behavior, and develop countermeasures to stop them. - -- **Vulnerability Analysis:** Since many applications are developed in C++, understanding the language helps cybersecurity professionals assess the code for vulnerabilities and potential exploits. - -- **Secure Code Development:** Developing secure applications is vital to prevent security breaches. With its powerful features, C++ enables developers to write efficient, maintainable, and secure code. - -## Resources for Learning C++ - -To advance your programming skills in C++ and leverage its power for cybersecurity tasks, consider the following resources: - -- [@article@Cplusplus.com](http://www.cplusplus.com/) -- [@article@CPPReference.com](https://en.cppreference.com/) -- [@course@Coursera: C++ For C Programmers](https://www.coursera.org/specializations/c-plus-plus-programming) -- [@article@A Tour of C++](https://www.amazon.com/Tour-C-Depth/dp/0134997832) (book) by Bjarne Stroustrup. -- [@feed@Explore top posts about C++](https://app.daily.dev/tags/c++?ref=roadmapsh) - -By mastering C++, you'll be well-equipped to develop and secure applications, analyze cybersecurity threats, and effectively contribute to the broader cybersecurity community. +- [@course@C++ Full Course - BroCode](https://www.youtube.com/watch?v=-TkoO8Z07hI) +- [@article@C++ Introduction](https://www.w3schools.com/cpp/cpp_intro.asp) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/cat@D2ptX6ja_HvFEafMIzWOy.md b/src/data/roadmaps/cyber-security/content/cat@D2ptX6ja_HvFEafMIzWOy.md index ceb545bf9..8a94f4a7b 100644 --- a/src/data/roadmaps/cyber-security/content/cat@D2ptX6ja_HvFEafMIzWOy.md +++ b/src/data/roadmaps/cyber-security/content/cat@D2ptX6ja_HvFEafMIzWOy.md 
@@ -2,50 +2,7 @@ `cat` is a widely used command-line utility in UNIX and UNIX-like systems. It stands for "concatenate" which, as the name suggests, can be used to concatenate files, display file contents, or combine files. In the context of incident response and discovery tools, `cat` plays an essential role in quickly accessing and assessing the contents of various files that inform on security incidents and help users understand system data as well as potential threats. -## Usage +Learn more from the following resources: -The default syntax for `cat` is as follows: - -```sh -cat [options] [file(s)] -``` - -where `options` are command flags to modify the behavior of `cat` and `file(s)` are the input file(s) to be processed. If no file is specified, `cat` reads input from the standard input, which allows it to interact with output from other utilities or commands. - -## Key Features - -Here are some of the useful features of `cat` in incident response and discovery: - -- **Display file contents**: Quickly view file content, which is useful for examining logs and configuration files. - - ```sh - cat file.txt - ``` - -- **Combine multiple files**: Combine contents of multiple files that can be useful while investigating related logs. - - ```sh - cat file1.txt file2.txt > combined.txt - ``` - -- **Number lines while displaying**: Use the `-n` flag to show line numbers in the output, assisting in pinpointing specific entries in large files. - - ```sh - cat -n file.txt - ``` - -- **Display non-printable characters**: The `-v` flag allows viewing non-printable characters that might be hidden in a file. - - ```sh - cat -v file.txt - ``` - -- **Piping and Archiving**: The `cat` command can interface seamlessly with other command-line utilities, allowing complex operations to be performed with ease. 
- - ```sh - cat logs.txt | grep 'ERROR' > error_logs.txt - ``` - -## Wrapping Up - -In summary, `cat` is a versatile and indispensable tool in cybersecurity for simplifying the process of navigating through files, logs, and data during an incident response. Its compatibility with various other Unix utilities and commands makes it a powerful tool in the hands of cyber professionals. \ No newline at end of file +- [@article@Linux cat command](https://phoenixnap.com/kb/linux-cat-command) +- [@video@The cat command](https://www.youtube.com/shorts/lTOje2weu_o?app=desktop) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/ccna@4RD22UZATfL8dc71YkJwQ.md b/src/data/roadmaps/cyber-security/content/ccna@4RD22UZATfL8dc71YkJwQ.md index 76992500f..25a02cbc7 100644 --- a/src/data/roadmaps/cyber-security/content/ccna@4RD22UZATfL8dc71YkJwQ.md +++ b/src/data/roadmaps/cyber-security/content/ccna@4RD22UZATfL8dc71YkJwQ.md 
@@ -2,24 +2,7 @@ The Cisco Certified Network Associate (CCNA) certification is an entry-level certification for IT professionals who want to specialize in networking, specifically within the realm of Cisco products. This certification validates an individual's ability to install, configure, operate, and troubleshoot medium-sized routed and switched networks. It also covers the essentials of network security and management. -## Key Concepts +Learn more from the following resources: -As a CCNA candidate, you will learn the following concepts: - -- Network fundamentals: understanding the basics of networking technologies, such as how devices communicate and how data is transmitted -- LAN switching technologies: understanding how switches work and how to configure them for optimal performance -- IPv4 and IPv6 routing technologies: learning how routers process packets and route data between networks -- WAN technologies: understanding Wide Area Networks (WANs) and how they are used to connect geographically dispersed networks -- Infrastructure services: learning about DHCP, DNS, and other essential network services -- Infrastructure security: understanding how to secure network devices and implement basic security measures -- Infrastructure management: learning about SNMP, Syslog, and other tools for network monitoring and management - -## CCNA Exam - -To obtain the CCNA certification, you will need to pass a single exam, currently the "200-301 CCNA" exam. This exam tests your knowledge and skills in the aforementioned key concepts. The exam consists of multiple-choice, drag-and-drop, and simulation questions that assess your understanding of networking theory, as well as your ability to perform practical tasks. - -## Why CCNA? - -A CCNA certification can provide you with a solid foundation in networking and open doors to various career opportunities, such as network administrator, network engineer, or security specialist roles. 
Many employers value CCNA-certified professionals for their validated skills in working with Cisco networking products and their understanding of networking fundamentals. Additionally, attaining a CCNA certification can serve as a stepping stone towards more advanced Cisco certifications, such as the Cisco Certified Network Professional (CCNP) and the Cisco Certified Internetwork Expert (CCIE). - -- [@video@Free CCNA 200-301 | Complete Course 2023 by Jeremy's IT Lab](https://www.youtube.com/playlist?list=PLxbwE86jKRgMpuZuLBivzlM8s2Dk5lXBQ) \ No newline at end of file +- [@Network Chuck Free CCNA Course](https://www.youtube.com/playlist?list=PLIhvC56v63IJVXv0GJcl9vO5Z6znCVb1P) +- [@official@CCNA Certification Website](https://www.cisco.com/site/us/en/learn/training-certifications/certifications/enterprise/ccna/index.html) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/ceh@AAo7DXB7hyBzO6p05gx1i.md b/src/data/roadmaps/cyber-security/content/ceh@AAo7DXB7hyBzO6p05gx1i.md index 6c534c399..3fe6950ab 100644 --- a/src/data/roadmaps/cyber-security/content/ceh@AAo7DXB7hyBzO6p05gx1i.md +++ b/src/data/roadmaps/cyber-security/content/ceh@AAo7DXB7hyBzO6p05gx1i.md 
@@ -2,41 +2,6 @@ **Certified Ethical Hacker (CEH)** is an advanced certification focused on equipping cybersecurity professionals with the knowledge and skills required to defend against the continuously evolving landscape of cyber threats. This certification is facilitated by the EC-Council, an internationally recognized organization for information security certifications. -## Objectives +Learn more from the following resources: -The CEH certification aims to provide professionals with the following skills: - -- Understand the ethics and legal requirements of ethical hacking -- Identify and analyze common cyber threats, including malware, social engineering, and various network attacks -- Utilize the latest penetration testing tools and methodologies to uncover vulnerabilities in systems, networks, and applications -- Implement defensive countermeasures to protect against cyber attacks - -## Target Audience - -The CEH certification is ideal for: - -- Cybersecurity professionals seeking to expand their skill set -- IT administrators responsible for securing their organization's systems and network -- Penetration testers looking to demonstrate their ethical hacking capabilities -- Security consultants who want a recognized certification in the IT security field - -## Exam Details - -To become a Certified Ethical Hacker, you must pass the CEH exam, which consists of the following: - -- Number of Questions: 125 -- Exam Type: Multiple choice questions -- Duration: 4 hours -- Passing Score: 70% - -## Preparation - -To prepare for the CEH exam, candidates can follow the EC-Council's official training course or opt for self-study. 
The recommended resources include: - -- EC-Council's [_CEH v11: Certified Ethical Hacker_](https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/) training course -- Official CEH study guide and practice exams -- CEH-related books, articles, and online resources - -## Recertification - -CEH holders need to earn 120 ECE (Education Credits) within three years of obtaining their certification to retain their credentials. These credits can be obtained through training, workshops, conferences, and other continuous learning opportunities in the field of information security. \ No newline at end of file +- [@official@CEH Website](https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/certificates@WXRaVCYwuGQsjJ5wyvbea.md b/src/data/roadmaps/cyber-security/content/certificates@WXRaVCYwuGQsjJ5wyvbea.md index 131c42140..9a89829dd 100644 --- a/src/data/roadmaps/cyber-security/content/certificates@WXRaVCYwuGQsjJ5wyvbea.md +++ b/src/data/roadmaps/cyber-security/content/certificates@WXRaVCYwuGQsjJ5wyvbea.md 
@@ -2,39 +2,9 @@ Certificates, also known as digital certificates or SSL/TLS certificates, play a crucial role in the world of cybersecurity. They help secure communications between clients and servers over the internet, ensuring that sensitive data remains confidential and protected from prying eyes. -## What is a Certificate? - -A digital certificate is an electronic document that uses a digital signature to bind a public key with a specific identity, such as a website domain or an organization. It contains information about the certificate holder, the certificate's validity period, and the public key of the entity that the certificate represents. - -## Certificate Authorities (CAs) - -Certificates are issued and signed by trusted third-party organizations called Certificate Authorities (CAs). CAs are responsible for verifying the authenticity of organizations or individuals making the request and ensuring that they, indeed, own the domain for which the certificate is issued. - -Some well-known CAs include: - -- DigiCert -- Let's Encrypt -- GlobalSign -- Sectigo (formerly Comodo) -- Entrust - -## Types of Certificates - -Different types of certificates serve different purposes and offer varying levels of validation: - -- **Domain Validation (DV)**: These certificates validate the ownership of the domain but do not contain any information about the organization that owns it. DV certificates offer a basic level of security and are suitable for websites that don't process sensitive data, such as blogs or portfolio sites. -- **Organization Validation (OV)**: OV certificates verify the ownership of the domain and contain information about the organization that owns it. This type of certificate provides an enhanced level of trust and is recommended for business websites where users need to know the identity of the organization they are dealing with. 
-- **Extended Validation (EV)**: EV certificates provide the highest level of identity validation by conducting a rigorous verification process that involves checking the organization's legal status, physical presence, and domain ownership. Websites with an EV certificate display a green padlock or bar in the browser address bar, increasing user trust and confidence. - -## Importance of Certificates - -Digital certificates offer various benefits in the realm of cybersecurity, such as: - -- **Authentication**: Certificates help to establish the authenticity of a domain or an organization, allowing users to trust that they are communicating with a legitimate entity. -- **Encryption**: By using public key encryption, certificates enable secure communication between clients and servers, protecting sensitive data from being intercepted by malicious actors. -- **Integrity**: Certificates ensure that the data transferred between parties remains intact and unaltered during transmission, preventing tampering or manipulation by malicious actors. -- **Trust**: With the assurance that a website has a valid certificate from a trusted CA, users are more likely to trust and engage with the site, leading to increased conversion rates and customer loyalty. +Digital certificates provide a crucial layer of security and trust for online communications. Understanding their role in cybersecurity, the different types of certificates, and the importance of acquiring certificates from trusted CAs can greatly enhance your organization's online security posture and reputation. -## Conclusion +Learn more from the following resources: -Digital certificates provide a crucial layer of security and trust for online communications. Understanding their role in cybersecurity, the different types of certificates, and the importance of acquiring certificates from trusted CAs can greatly enhance your organization's online security posture and reputation. 
+- [@article@What is an SSL certificate?](https://www.cloudflare.com/en-gb/learning/ssl/what-is-an-ssl-certificate/) +- [@article@What is a certificate authority](https://www.ssl.com/article/what-is-a-certificate-authority-ca/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/cidr@PPIH1oHW4_ZDyD3U3shDg.md b/src/data/roadmaps/cyber-security/content/cidr@PPIH1oHW4_ZDyD3U3shDg.md index f36db15ea..390c47e50 100644 --- a/src/data/roadmaps/cyber-security/content/cidr@PPIH1oHW4_ZDyD3U3shDg.md +++ b/src/data/roadmaps/cyber-security/content/cidr@PPIH1oHW4_ZDyD3U3shDg.md 
@@ -2,22 +2,11 @@ CIDR, or Classless Inter-Domain Routing, is a method of allocating IP addresses and routing Internet Protocol packets in a more flexible and efficient way, compared to the older method of Classful IP addressing. Developed in the early 1990s, CIDR helps to slow down the depletion of IPv4 addresses and reduce the size of routing tables, resulting in better performance and scalability of the Internet. -## How CIDR works - CIDR achieves its goals by replacing the traditional Class A, B, and C addressing schemes with a system that allows for variable-length subnet masking (VLSM). In CIDR, an IP address and its subnet mask are written together as a single entity, referred to as a _CIDR notation_. A CIDR notation looks like this: `192.168.1.0/24`. Here, `192.168.1.0` is the IP address, and `/24` represents the subnet mask. The number after the slash (/) is called the _prefix length_, which indicates how many bits of the subnet mask should be set to 1 (bitmask). The remaining bits of the subnet mask are set to 0. -For example, a `/24` prefix length corresponds to a subnet mask of `255.255.255.0`, because the first 24 bits are set to 1. This allows for 256 total IP addresses in the subnet, with 254 of these IPs available for devices (The first and last IP are reserved for the network address and broadcast address, respectively). - -## Advantages of CIDR - -- **Efficient IP allocation:** CIDR allows for more granular allocation of IPv4 addresses, reducing wasted IP space. -- **Reduction of routing table size:** CIDR enables route aggregation (route summarization), which combines multiple network routes to a single routing table entry. -- **Decreased routing updates:** By allowing routers to share more generalized routing information, the number of routing updates gets significantly reduced, improving network stability and reducing router workload. 
- -## CIDR in IPv6 - -CIDR also plays a crucial role in the IPv6 addressing system, where the use of CIDR notation and address aggregation has become even more critical in managing the immense address space of IPv6 efficiently. +Learn more from the following resources: -In conclusion, CIDR is an essential component of modern IP networking systems, enabling better utilization of IP address space and improving the overall scalability and performance of the Internet. It's crucial for network administrators and security professionals to have a solid understanding of CIDR, as it plays a significant role in configuring, managing, and securing IP networks. +- [@article@What is CIDR?](https://aws.amazon.com/what-is/cidr/) +- [@video@What is Network CIDR Notation?](https://www.youtube.com/watch?v=tpa9QSiiiUo) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/cis@sSihnptkoEqUsHjDpckhG.md b/src/data/roadmaps/cyber-security/content/cis@sSihnptkoEqUsHjDpckhG.md index 9b9628b2c..989108fa2 100644 --- a/src/data/roadmaps/cyber-security/content/cis@sSihnptkoEqUsHjDpckhG.md +++ b/src/data/roadmaps/cyber-security/content/cis@sSihnptkoEqUsHjDpckhG.md 
@@ -2,32 +2,7 @@ The **Center for Internet Security (CIS)** is a non-profit organization that focuses on enhancing the cybersecurity posture of individuals, organizations, and governments around the world. CIS offers various tools, best practices, guidelines, and frameworks that help in defending against common cyber threats. -## CIS Critical Security Controls +Learn more from the following resources: -One of the most significant contributions of CIS is the **CIS Critical Security Controls (CSC)**, which are a set of prioritized actions that aim to improve cyber defense. These controls have been developed by a community of IT security experts and are regularly updated to remain relevant in the ever-evolving threat landscape. - -The CIS Critical Security Controls are divided into three categories: - -- Basic Controls: Foundational security measures that every organization should implement. -- Foundational Controls: Additional security measures providing a more robust defense. -- Organizational Controls: Governance and management-related processes, ensuring the continuity and effectiveness of the security program. - -The following are the key objectives of implementing CIS Critical Security Controls: - -- Strengthen the security posture of an organization. -- Protect sensitive information and valuable assets. -- Identify and prioritize the most critical vulnerabilities. -- Reduce the attack surface and risks associated with cyber threats. - -## CIS Benchmarks - -CIS also provides **CIS Benchmarks**, which are a set of configuration guidelines for various technologies, including operating systems, cloud providers, and applications. These benchmarks offer practical guidance for securing systems and improving overall cybersecurity posture. - -CIS Benchmarks provide the following benefits: - -- Improve system security by reducing the attack surface. -- Assist in meeting compliance requirements such as HIPAA, PCI DSS, and GDPR. 
-- Enable organizations to adopt best practices in configuration management. -- Facilitate audit preparation and maintaining system documentation. - -In summary, the Center for Internet Security (CIS) offers valuable resources that can help organizations bolster their security posture. The CIS Critical Security Controls and CIS Benchmarks are practical tools that provide guidance on implementing security measures to mitigate cyber threats effectively. By following these guidelines, organizations can improve their resilience and better protect themselves in the rapidly evolving digital landscape. \ No newline at end of file +- [@video@CIS Overview](https://www.youtube.com/watch?v=f-Z7h5dI6uQ) +- [@official@CIS Website](https://www.cisecurity.org/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/cisa@lqFp4VLY_S-5tAbhNQTew.md b/src/data/roadmaps/cyber-security/content/cisa@lqFp4VLY_S-5tAbhNQTew.md index 7714cacf2..5c1b093ba 100644 --- a/src/data/roadmaps/cyber-security/content/cisa@lqFp4VLY_S-5tAbhNQTew.md +++ b/src/data/roadmaps/cyber-security/content/cisa@lqFp4VLY_S-5tAbhNQTew.md 
@@ -2,44 +2,9 @@ The **Certified Information Systems Auditor (CISA)** is a globally recognized certification for professionals who audit, control, monitor, and assess an organization's information technology and business systems. -## Overview - CISA was established by the Information Systems Audit and Control Association (ISACA) and is designed to demonstrate an individual's expertise in managing vulnerabilities, ensuring compliance with industry regulations, and instituting controls within the business environment. -## Who Should Pursue CISA? - -CISA is most suitable for professionals with roles such as: - -- IT auditors -- IT security professionals -- IT risk analysts -- IT compliance analysts -- Security consultants - -## Exam and Prerequisites - -To earn the CISA certification, candidates must pass a comprehensive exam. The prerequisites for the CISA certification include: - -- Five years of professional experience in information systems auditing, control, assurance, or security work. Some substitutions and waivers can be made for education, but a minimum of two years of experience in information systems audit or control is required. -- Agree to the ISACA Code of Professional Ethics. -- Adherence to the CISA Continuing Professional Education (CPE) Program, which requires a minimum of 20 CPE hours annually and 120 hours of CPE in a 3-year period. - -The exam itself has a duration of four hours and consists of 150 multiple-choice questions. 
It covers five domains: - -- The Process of Auditing Information Systems (21%) -- Governance and Management of IT (16%) -- Information Systems Acquisition, Development, and Implementation (18%) -- Information Systems Operations, Maintenance, and Service Management (20%) -- Protection of Information Assets (25%) - -## Benefits of CISA Certification - -Upon obtaining the CISA certification, some of the benefits include: - -- Increased credibility and recognition in the industry -- Enhanced career prospects and job security -- A competitive edge over non-certified professionals -- The potential for salary increase and promotions -- Access to a global community of certified professionals and resources +Learn more from the following resources: -Overall, the CISA certification can be a valuable asset for those looking to advance their careers in cybersecurity, particularly in the area of auditing and controlling information systems. \ No newline at end of file +- [@official@CISA Website](https://www.isaca.org/credentialing/cisa) +- [@article@What is a Certified Information Systems Auditor?](https://www.investopedia.com/terms/c/certified-information-systems-auditor.asp) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/cism@s86x24SHPEbbOB9lYNU-w.md b/src/data/roadmaps/cyber-security/content/cism@s86x24SHPEbbOB9lYNU-w.md index 46f0bdcad..44e2a0d13 100644 --- a/src/data/roadmaps/cyber-security/content/cism@s86x24SHPEbbOB9lYNU-w.md +++ b/src/data/roadmaps/cyber-security/content/cism@s86x24SHPEbbOB9lYNU-w.md 
@@ -1,31 +1,10 @@ # CISM -The [Certified Information Security Manager (CISM)](https://www.isaca.org/credentialing/cism) is an advanced cybersecurity certification offered by ISACA that focuses on information security management. It is designed for professionals who have a strong understanding of information security and are responsible for overseeing, designing, and managing an organization's information security programs. +The Certified Information Security Manager (CISM) is an advanced cybersecurity certification offered by ISACA that focuses on information security management. It is designed for professionals who have a strong understanding of information security and are responsible for overseeing, designing, and managing an organization's information security programs. -## Who Should Pursue CISM Certification? +Common ports are standardized communication endpoints used by various network protocols and services. In cybersecurity, understanding these ports is crucial for configuring firewalls, detecting potential threats, and managing network traffic. Some widely used ports include 80 and 443 for HTTP and HTTPS web traffic, 22 for SSH secure remote access, 25 for SMTP email transmission, and 53 for DNS name resolution. FTP typically uses port 21 for control and 20 for data transfer, while ports 137-139 and 445 are associated with SMB file sharing. Database services often use specific ports, such as 3306 for MySQL and 1433 for Microsoft SQL Server. Cybersecurity professionals must be familiar with these common ports and their expected behaviors to effectively monitor network activities, identify anomalies, and secure systems against potential attacks targeting specific services. 
-The CISM certification is ideal for: +Learn more from the following resources: -- Information security managers -- IT consultants -- IT auditors -- Senior IT professionals responsible for information security -- Security architects and engineers - -## Exam Requirements and Process - -To obtain the CISM certification, candidates must: - -- **Register for the CISM Exam**: You must [register](https://www.isaca.org/exams) for the exam, pay the registration fee, and select an exam date during one of the three annual exam windows. -- **Meet the Experience Requirements**: You must have at least five years of experience in information security management across at least three of the four CISM domains. There is the option to waive up to two years of experience based on your education or other certifications. -- **Study for the Exam**: Thorough exam preparation is essential for success. ISACA provides a range of study materials, including the [CISM Review Manual](https://www.isaca.org/bookstore), online question banks, and instructor-led courses. -- **Take the Exam**: The CISM exam consists of 150 multiple-choice questions, and you have four hours to complete it. It covers four main domains: - - - Information Security Governance - - Information Risk Management - - Information Security Program Development and Management - - Information Security Incident Management - -- **Maintain Your Certification**: Once you pass the exam and meet the experience requirements, you need to [apply for certification](https://www.isaca.org/credentialing/certified-information-security-manager/get-cism-certified). To maintain your CISM credential, you must earn Continuing Professional Education (CPE) hours and renew your certification every three years. - -The CISM certification is globally recognized for its emphasis on the strategic and managerial aspects of information security. 
Professionals with this certification are in high demand, as they possess the knowledge and skills to develop and manage comprehensive information security programs in various organizations. \ No newline at end of file +- [@official@CISM Website](https://www.isaca.org/credentialing/cism) +- [@article@Certified Information Security Manager (CISM)](https://www.techtarget.com/searchsecurity/definition/certified-information-security-manager-CISM) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/cissp@BqvijNoRzSGYLCMP-6hhr.md b/src/data/roadmaps/cyber-security/content/cissp@BqvijNoRzSGYLCMP-6hhr.md index 607f62803..eb364966d 100644 --- a/src/data/roadmaps/cyber-security/content/cissp@BqvijNoRzSGYLCMP-6hhr.md +++ b/src/data/roadmaps/cyber-security/content/cissp@BqvijNoRzSGYLCMP-6hhr.md 
@@ -2,45 +2,7 @@ The Certified Information Systems Security Professional (CISSP) is a globally recognized certification offered by the International Information System Security Certification Consortium (ISC)². It is designed for experienced security professionals to validate their knowledge and expertise in the field of information security. -## Who Should Obtain the CISSP Certification? +Learn more from the following resources: -The CISSP certification is ideal for security consultants, managers, IT directors, security auditors, security analysts, and other professionals who are responsible for designing, implementing, and managing security for their organization. This certification is aimed at professionals with at least five years of full-time experience in two or more of the eight CISSP domains: - -- Security and Risk Management -- Asset Security -- Security Architecture and Engineering -- Communication and Network Security -- Identity and Access Management (IAM) -- Security Assessment and Testing -- Security Operations -- Software Development Security - -## Certification Process - -To obtain the CISSP certification, candidates must meet the following requirements: - -- **Experience:** Possess a minimum of five years of cumulative, paid, full-time work experience in two or more of the eight domains of the CISSP Common Body of Knowledge (CBK). - -- **Exam:** Pass the CISSP examination with a minimum scaled score of 700 out of 1000 points. The exam consists of 100 to 150 multiple-choice and advanced innovative questions that must be completed within three hours. - -- **Endorsement:** After passing the exam, candidates must submit an endorsement application to be reviewed and endorsed by an (ISC)² CISSP holder within nine months of passing the exam. 
- -- **Continuing Professional Education (CPE):** To maintain the CISSP certification, professionals must earn 120 CPE credits every three years, with a minimum of 40 credits earned each year, and pay an annual maintenance fee. - -## Benefits of CISSP Certification - -Obtaining the CISSP certification comes with numerous benefits, such as: - -- Enhanced credibility, as the CISSP is often considered the gold standard in information security certifications. -- Increased job opportunities, as many organizations and government agencies require or prefer CISSP-certified professionals. -- Improved knowledge and skills, as the certification covers a broad range of security topics and best practices. -- Higher salary potential, as CISSP-certified professionals often command higher salaries compared to their non-certified counterparts. -- Access to a network of other CISSP-certified professionals and resources, enabling continuous learning and professional development. - -Learn more from the following resources - -- [@official@ISC2 CISSP](https://www.isc2.org/certifications/cissp) -- [@official@ISC2 CISSP - Official Study Guide](https://www.wiley.com/en-us/ISC2+CISSP+Certified+Information+Systems+Security+Professional+Official+Study+Guide%2C+10th+Edition-p-9781394254699) -- [@article@Destcert - CISSP Free Resources](https://destcert.com/resources/) -- [@video@CISSP Exam Cram 2024](https://youtube.com/playlist?list=PL7XJSuT7Dq_XPK_qmYMqfiBjbtHJRWigD&si=_wSeCkvj-1rzv0ZF) -- [@video@CISSP Prep (Coffee Shots)](https://youtube.com/playlist?list=PL0hT6hgexlYxKzBmiCD6SXW0qO5ucFO-J&si=9ICs373Vl1ce3s0H) +- [@official@CISSP Certification Website](https://www.isc2.org/certifications/cissp) +- [@course@CISSP Certification course](https://www.youtube.com/watch?v=M1_v5HBVHWo) \ No newline at end of file 
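Review bot: the CISSP hunk replaces a five-entry resource list (official ISC2 page, the official study guide, Destcert's free resources and two exam-prep playlists) with two links, and tags a single YouTube video as `@course@` where the rest of this patch uses `@video@` for individual videos and reserves `@course@` for full courses such as the BroCode C++ one. Keep at least `- [@official@ISC2 CISSP - Official Study Guide](https://www.wiley.com/en-us/ISC2+CISSP+Certified+Information+Systems+Security+Professional+Official+Study+Guide%2C+10th+Edition-p-9781394254699)` next to the official page, and consider retaining the eight-domain list, since the domains are the one thing a candidate needs to know before deciding whether they meet the five-year experience requirement the deleted text described.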
diff --git a/src/data/roadmaps/cyber-security/content/cloud-skills-and-knowledge@vVaBQ5VtsE_ZeXbCOF8ux.md b/src/data/roadmaps/cyber-security/content/cloud-skills-and-knowledge@vVaBQ5VtsE_ZeXbCOF8ux.md index f050ea317..743ea275b 100644 --- a/src/data/roadmaps/cyber-security/content/cloud-skills-and-knowledge@vVaBQ5VtsE_ZeXbCOF8ux.md +++ b/src/data/roadmaps/cyber-security/content/cloud-skills-and-knowledge@vVaBQ5VtsE_ZeXbCOF8ux.md 
@@ -1,48 +1,10 @@ # Cloud Skills and Knowledge -In the realm of cyber security, cloud skills and knowledge are indispensable for professionals who work with cloud-based infrastructure and services. As more organizations migrate to the cloud, the demand for cloud security expertise continues to rise. This chapter focuses on the essential cloud skills and knowledge a cyber security specialist should possess. +Cloud skills and knowledge are essential for working effectively with cloud computing technologies and services, which provide scalable, on-demand resources over the internet. Core cloud skills include understanding the architecture and types of cloud deployments, such as public, private, and hybrid clouds, as well as the major service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Knowledge of cloud platforms like AWS, Microsoft Azure, and Google Cloud is crucial, along with the ability to manage virtual machines, storage, networking, and databases in a cloud environment. -## Understanding Cloud Models +Security in the cloud is a vital skill, encompassing encryption, identity and access management (IAM), compliance, and disaster recovery. Understanding DevOps practices, containerization (using tools like Docker and Kubernetes), and serverless computing also plays a significant role in cloud operations. Additionally, familiarity with cloud-native tools for automation, monitoring, and orchestration, as well as knowledge of cloud cost optimization and performance tuning, are important for maximizing cloud efficiency and ensuring a secure, scalable infrastructure. -It is fundamental for a cyber security professional to be acquainted with the different cloud service models, including: +Learn more from the following resources: -- **IaaS (Infrastructure as a Service):** Offers virtualized computing resources over the Internet (e.g., Amazon Web Services, Microsoft Azure). 
-- **PaaS (Platform as a Service):** Provides a platform for developers to build, test, and deploy applications (e.g., Google App Engine, Heroku). -- **SaaS (Software as a Service):** Offers on-demand access to software applications over the Internet (e.g., Salesforce, Microsoft 365). - -## Familiarity with Cloud Security Architecture - -A comprehensive understanding of cloud security architecture enables professionals to design and implement secure cloud environments. Key aspects include: - -- Identifying and managing risks in cloud deployments -- Configuring and managing cloud security services -- Applying best practices for data storage, access control, and encryption in the cloud - -## Compliance and Legal Issues - -Cloud security specialists must be aware of various compliance and legal requirements related to cloud data storage and processing, such as GDPR, HIPAA, and PCI-DSS. - -## Cloud Security Tools and Technologies - -Cyber security professionals should be proficient in using various security tools and technologies specifically designed for the cloud, including: - -- Cloud security monitoring and management tools (e.g., AWS Security Hub, Azure Security Center) -- Cloud-native security platforms (e.g., Palo Alto Networks Prisma, Check Point CloudGuard) -- API security and management tools (e.g., Postman, Swagger) - -## Cloud Identity and Access Management - -A strong grasp of identity and access management (IAM) concepts in the cloud is crucial. 
This entails understanding: - -- How to create and manage user identities and permissions -- Implementing multi-factor authentication (MFA) -- Understanding the differences between cloud-based and traditional IAM systems - -## Securing Cloud Networks - -Professionals should know the fundamentals of securing cloud networks, including: - -- Implementing network security features such as firewalls, virtual private networks (VPNs), and intrusion detection systems -- Segmenting cloud networks for better security - -Overall, possessing cloud skills and knowledge prepares cyber security professionals to effectively protect and manage cloud infrastructure and applications in today's fast-paced digital landscape. +- [@article@7 Cloud Computing skills to know](https://www.coursera.org/articles/cloud-computing-skills) +- [@video@What cloud skills are essential?](https://www.youtube.com/watch?v=udKBDRcj178) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/common-commands@WDrSO7wBNn-2jB8mcyT7j.md b/src/data/roadmaps/cyber-security/content/common-commands@WDrSO7wBNn-2jB8mcyT7j.md index 44bbbd75b..b89897f57 100644 --- a/src/data/roadmaps/cyber-security/content/common-commands@WDrSO7wBNn-2jB8mcyT7j.md +++ b/src/data/roadmaps/cyber-security/content/common-commands@WDrSO7wBNn-2jB8mcyT7j.md 
@@ -1,83 +1,30 @@ # Common Commands -In this guide, we will cover essential common commands you need to know when starting your journey in cyber security. By becoming proficient in these commands, you will be able to navigate, analyze, and manage different aspects of systems and networks. The list will cover command prompts, shell commands, and other tools. +Common operating system (OS) commands are essential for interacting with a system's shell or command-line interface (CLI). These commands allow users to perform a wide range of tasks, such as navigating the file system, managing files and directories, checking system status, and administering processes. Below are some commonly used commands across Unix/Linux and Windows operating systems: -_Please note this guide assumes you already have basic knowledge of command line interfaces (CLI)_ +1. **Navigating the File System:** + - Unix/Linux: `ls` (list files), `cd` (change directory), `pwd` (print working directory) + - Windows: `dir` (list files), `cd` (change directory), `echo %cd%` (print working directory) -## Operating System Commands +2. **File and Directory Management:** + - Unix/Linux: `cp` (copy files), `mv` (move/rename files), `rm` (remove files), `mkdir` (create directory) + - Windows: `copy` (copy files), `move` (move/rename files), `del` (delete files), `mkdir` (create directory) -These commands are useful for managing and understanding your operating system and its components. +3. **System Information and Processes:** + - Unix/Linux: `top` or `htop` (view running processes), `ps` (list processes), `df` (disk usage), `uname` (system info) + - Windows: `tasklist` (list processes), `taskkill` (kill process), `systeminfo` (system details) -## Windows +4. 
**File Permissions and Ownership:** + - Unix/Linux: `chmod` (change file permissions), `chown` (change file ownership) + - Windows: `icacls` (modify access control lists), `attrib` (change file attributes) -- `ipconfig`: Display the IP configuration for all network interfaces on the device. +5. **Network Commands:** + - Unix/Linux: `ping` (test network connection), `ifconfig` or `ip` (network interface configuration), `netstat` (network statistics) + - Windows: `ping` (test network connection), `ipconfig` (network configuration), `netstat` (network statistics) -- `netstat`: Display active network connections, listening ports, and routing tables. +These commands form the foundation of interacting with and managing an OS via the command line, providing greater control over system operations compared to graphical interfaces. -- `systeminfo`: Display detailed information about the computer's hardware and software configuration. +Learn more from the following resources: -- `nslookup`: Look up the IP address of a domain or host. - -- `ping`: Send a series of network packets to test network connectivity. - -## Linux/Unix/MacOS - -- `ifconfig`: Display the IP configuration for all network interfaces on the device. - -- `netstat`: Display active network connections, listening ports, and routing tables. - -- `uname -a`: Display detailed information about the operating system. - -- `dig`: Look up the IP address of a domain or host. - -- `ping`: Send a series of network packets to test network connectivity. - -## File System Commands - -These commands are useful for navigating and managing file systems on your device. - -## Windows - -- `dir`: List files and directories in the current directory. - -- `cd`: Change the current directory. - -- `copy`: Copy files from one location to another. - -- `move`: Move files from one location to another. - -- `del`: Delete specified files. - -## Linux/Unix/MacOS - -- `ls`: List files and directories in the current directory. 
- -- `cd`: Change the current directory. - -- `cp`: Copy files from one location to another. - -- `mv`: Move files from one location to another. - -- `rm`: Delete specified files. - -## Network Analysis Commands - -These commands are useful for analyzing and troubleshooting network connections. - -- `traceroute` (Linux/Unix/MacOS) / `tracert` (Windows): Display the route and transit delay of packets across a network. - -- `tcpdump` (Linux/Unix/MacOS) / `Wireshark` (Windows): Capture and analyze network traffic. - -## Cyber Security Tools - -- `nmap`: Scan networks and hosts for open ports and network services. - -- `Metasploit`: A penetration testing framework that simplifies the discovery and exploitation of vulnerabilities. - -- `John the Ripper`: A password-cracking tool that automatically detects and cracks multiple password formats. - -- `Wireshark`: A network protocol analyzer that captures and analyzes network traffic. - -- `Aircrack-ng`: A suite of tools for auditing wireless networks. - -By familiarizing yourself with these common commands and tools, you'll have a solid foundation to build upon in your cyber security journey. As you progress, you will encounter more advanced tools and techniques, so keep learning and stay curious! \ No newline at end of file +- [@video@60 Linux commands you must know](https://www.youtube.com/watch?v=gd7BXuUQ91w) +- [@video@Top 40 Windows commands to know](https://www.youtube.com/watch?v=Jfvg3CS1X3A) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/common-ports-and-their-uses@0tx2QYDYXhm85iYrCWd9U.md b/src/data/roadmaps/cyber-security/content/common-ports-and-their-uses@0tx2QYDYXhm85iYrCWd9U.md index 78d03d60a..c11a7385b 100644 --- a/src/data/roadmaps/cyber-security/content/common-ports-and-their-uses@0tx2QYDYXhm85iYrCWd9U.md +++ b/src/data/roadmaps/cyber-security/content/common-ports-and-their-uses@0tx2QYDYXhm85iYrCWd9U.md 
@@ -1,39 +1,8 @@ # Common Ports and their Uses -Ports are crucial in networking, as they facilitate communication between devices and applications. They act as endpoints in the networking process, enabling data transfer. We've compiled a list of commonly used ports to help you understand their significance in cyber security. +Common ports are standardized communication endpoints used by various network protocols and services. In cybersecurity, understanding these ports is crucial for configuring firewalls, detecting potential threats, and managing network traffic. Some widely used ports include 80 and 443 for HTTP and HTTPS web traffic, 22 for SSH secure remote access, 25 for SMTP email transmission, and 53 for DNS name resolution. FTP typically uses port 21 for control and 20 for data transfer, while ports 137-139 and 445 are associated with SMB file sharing. Database services often use specific ports, such as 3306 for MySQL and 1433 for Microsoft SQL Server. Cybersecurity professionals must be familiar with these common ports and their expected behaviors to effectively monitor network activities, identify anomalies, and secure systems against potential attacks targeting specific services. -## Transmission Control Protocol (TCP) Ports +Learn more from the following resources: -- **FTP (File Transfer Protocol) - Ports 20 and 21**: FTP is a widely used protocol for transferring files. - -- **SSH (Secure Shell) - Port 22**: SSH allows secure communication and remote access to devices over an unsecured network. - -- **Telnet - Port 23**: Telnet is a text-based protocol that allows you to interact with remote devices over networks. - -- **SMTP (Simple Mail Transfer Protocol) - Port 25**: SMTP is a protocol for sending and receiving emails. - -- **DNS (Domain Name System) - Port 53**: DNS translates human-readable domain names into IP addresses to facilitate communication between devices. 
- -- **HTTP (Hypertext Transfer Protocol) - Port 80**: HTTP is the primary protocol used for communication on the World Wide Web. - -- **POP3 (Post Office Protocol 3) - Port 110**: POP3 is a protocol for receiving emails from your email server. - -- **IMAP (Internet Message Access Protocol) - Port 143**: IMAP is a more advanced email protocol that allows you to access and manage your emails on the email server. - -- **HTTPS (Hypertext Transfer Protocol Secure) - Port 443**: HTTPS is an encrypted and secure version of HTTP. - -- **RDP (Remote Desktop Protocol) - Port 3389**: RDP is a Microsoft-developed protocol for remotely accessing Windows devices. - -## User Datagram Protocol (UDP) Ports - -- **DHCP (Dynamic Host Configuration Protocol) - Ports 67 and 68**: DHCP is used to allocate IP addresses to devices within a network. - -- **DNS (Domain Name System) - Port 53**: (same function as in TCP) - -- **TFTP (Trivial File Transfer Protocol) - Port 69**: TFTP is a simplified version of FTP for quick and easy file transfer. - -- **SNMP (Simple Network Management Protocol) - Port 161**: SNMP enables monitoring and managing network devices, including printers, routers, and switches. - -- **NTP (Network Time Protocol) - Port 123**: NTP is a standard protocol used to synchronize time across network devices. - -Understanding these common ports and their functions is essential for network administrators and cyber security professionals. Proper knowledge of these ports will help you identify and assess potential security risks, as well as implement robust network defense measures. +- [@video@Common network ports](https://www.youtube.com/watch?v=dh8h-4u7Wak) +- [@article@Common network ports you should know](https://opensource.com/article/18/10/common-network-ports) \ No newline at end of file 
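Review bot: In the added paragraph, `ports 137-139 and 445 are associated with SMB file sharing` conflates two different things: 137-139 are NetBIOS over TCP/IP (name service, datagram and session), while 445 is SMB carried directly over TCP, and the distinction matters when writing firewall rules. The removed list also separated TCP from UDP (`DNS - Port 53` appeared under both headings, `DHCP - Ports 67 and 68` under UDP only), whereas the new text never says which transport each port uses; since the paragraph's stated purpose is configuring firewalls and detecting threats, each port should carry its transport. RDP 3389, Telnet 23 and SNMP 161 were dropped as well; they were the remote-access and management services the old list singled out, which is exactly where monitoring and exposure checks matter, so they deserve to survive the rewrite.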
diff --git a/src/data/roadmaps/cyber-security/content/common-protocols-and-their-uses@ViF-mpR17MB3_KJ1rV8mS.md b/src/data/roadmaps/cyber-security/content/common-protocols-and-their-uses@ViF-mpR17MB3_KJ1rV8mS.md index 932658570..05be68557 100644 --- a/src/data/roadmaps/cyber-security/content/common-protocols-and-their-uses@ViF-mpR17MB3_KJ1rV8mS.md +++ b/src/data/roadmaps/cyber-security/content/common-protocols-and-their-uses@ViF-mpR17MB3_KJ1rV8mS.md 
@@ -1,35 +1,8 @@ # Common Protocols and their Uses -In this section, we will discuss some of the most common protocols used in networking and their importance in maintaining cyber security. Protocols are a set of rules and procedures that define how data should be transmitted, formatted, and processed over a network. +Networking protocols are essential for facilitating communication between devices and systems across networks. In cybersecurity, understanding these protocols is crucial for identifying potential vulnerabilities and securing data transmission. Common protocols include TCP/IP, the foundation of internet communication, which ensures reliable data delivery. HTTP and HTTPS are used for web browsing, with HTTPS providing encrypted connections. FTP and SFTP handle file transfers, while SMTP, POP3, and IMAP manage email services. DNS translates domain names to IP addresses, and DHCP automates IP address assignment. SSH enables secure remote access and management of systems. Other important protocols include TLS/SSL for encryption, SNMP for network management, and VPN protocols like IPsec and OpenVPN for secure remote connections. Cybersecurity professionals must be well-versed in these protocols to effectively monitor network traffic, implement security measures, and respond to potential threats targeting specific protocol vulnerabilities. -## HyperText Transfer Protocol (HTTP) and HTTPS +Learn more from the following resources: -HTTP, or HyperText Transfer Protocol, is the foundation of data communication on the World Wide Web. It defines how data should be formatted and transmitted between a client (like your browser) and a web server. HTTP is a stateless protocol, meaning each request and response pair is independent from others. 
- -HTTPS, or HTTP Secure, is a secure version of HTTP that encrypts data between the client and server using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to protect sensitive data from being intercepted or tampered with. - -## Transmission Control Protocol (TCP) - -TCP, or Transmission Control Protocol, is a reliable, connection-oriented protocol that ensures data is delivered correctly between applications over a network. It ensures accurate and complete data delivery by establishing a connection, segmenting data into smaller packets, verifying the receipt of packets, and reordering packets to their original sequence. - -## Internet Protocol (IP) - -Internet Protocol (IP) is responsible for delivering packets from the source host to the destination host based on their IP addresses. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has two main versions - IPv4 and IPv6. - -## User Datagram Protocol (UDP) - -UDP, or User Datagram Protocol, is a connectionless communication protocol used for fast and efficient data transmission. Unlike TCP, UDP does not provide error checking or guarantee delivery, making it suitable for real-time applications like video streaming and online gaming where low latency is crucial. - -## Domain Name System (DNS) - -The Domain Name System (DNS) is responsible for translating human-readable domain names (like www.example.com) into corresponding IP addresses that computers understand. This process is called domain name resolution. DNS is an essential component of internet communication, as it allows users to access websites using easy-to-remember names instead of numerical IP addresses. - -## File Transfer Protocol (FTP) - -File Transfer Protocol (FTP) is a standard network protocol used for transferring files from one host to another over a TCP-based network, such as the Internet. FTP is commonly used for sharing files and transferring files between a client and a server. 
- -## Simple Mail Transfer Protocol (SMTP) - -Simple Mail Transfer Protocol (SMTP) is the standard protocol for sending email messages across a network. It defines how email messages should be formatted, encrypted, and relayed between email clients, servers, and other email systems. - -Understanding these common protocols and their roles in network communication is vital for ensuring the proper implementation of cyber security measures. It will help you better identify potential vulnerabilities and make informed decisions on network defense strategies. +- [@video@Networking For Hackers! (Common Network Protocols)](https://www.youtube.com/watch?v=p3vaaD9pn9I) +- [@article@12 common network protocols](https://www.techtarget.com/searchnetworking/feature/12-common-network-protocols-and-their-functions-explained) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/compliance@05Gbgy6aawYlYIx38u8DE.md b/src/data/roadmaps/cyber-security/content/compliance@05Gbgy6aawYlYIx38u8DE.md index e69de29bb..88d48a859 100644 --- a/src/data/roadmaps/cyber-security/content/compliance@05Gbgy6aawYlYIx38u8DE.md +++ b/src/data/roadmaps/cyber-security/content/compliance@05Gbgy6aawYlYIx38u8DE.md 
@@ -0,0 +1,8 @@ +# Compliance + +Compliance in cybersecurity refers to the adherence to laws, regulations, standards, and best practices designed to protect sensitive data and ensure the security of information systems. It encompasses a wide range of requirements that organizations must meet to safeguard their digital assets and maintain the trust of customers, partners, and regulatory bodies. Common compliance frameworks include GDPR for data protection in the EU, HIPAA for healthcare information in the US, PCI DSS for payment card industry, and ISO 27001 for information security management. Compliance often involves implementing specific security controls, conducting regular audits, maintaining documentation, and demonstrating ongoing commitment to security practices. While achieving compliance can be complex and resource-intensive, it is crucial for mitigating legal and financial risks, protecting reputation, and fostering a culture of security within organizations. + +Learn more from the following resources: + +- [@article@What is Cyber Security Compliance?](https://www.comptia.org/content/articles/what-is-cybersecurity-compliance) +- [@article@Cyber Security Compliance 101](https://sprinto.com/blog/cyber-security-compliance/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/comptia-a@lbAgU5lR1O7L_5mCbNz_D.md b/src/data/roadmaps/cyber-security/content/comptia-a@lbAgU5lR1O7L_5mCbNz_D.md index c1e76faae..030b26d58 100644 --- a/src/data/roadmaps/cyber-security/content/comptia-a@lbAgU5lR1O7L_5mCbNz_D.md +++ b/src/data/roadmaps/cyber-security/content/comptia-a@lbAgU5lR1O7L_5mCbNz_D.md 
@@ -2,47 +2,7 @@ CompTIA A+ is an entry-level certification for IT professionals that focuses on essential knowledge and skills in computer hardware, software, and troubleshooting. This certification is widely recognized in the IT industry and can serve as a stepping stone for individuals looking to start a career in the field of information technology. -## Objectives - -The CompTIA A+ certification aims to test and validate foundational IT knowledge and skills, including: - -- Installation, configuration, and upgrading of computer hardware, peripherals, and operating systems -- Basic networking concepts and maintenance of wired and wireless networks -- Troubleshooting and repair of computer hardware, software, and networks -- Understanding the basics of mobile device hardware and networking -- Familiarity with security concepts, operating system maintenance, and disaster recovery - -## Exams - -To earn the CompTIA A+ certification, you'll need to pass two exams: - -- **CompTIA A+ 220-1001 (Core 1)**: This exam covers topics like mobile devices, networking technology, hardware, virtualization, and cloud computing. -- **CompTIA A+ 220-1002 (Core 2)**: This exam focuses on topics such as operating systems, security, software troubleshooting, and operational procedures. - -Both exams consist of 90 questions each, which you'll need to complete within 90 minutes. The passing score is 675 for Core 1 and 700 for Core 2 (on a scale of 100-900). - -## Recommended Experience - -Though the CompTIA A+ certification is designed for beginners, it's recommended that you have at least 9-12 months of hands-on experience in the lab or field before attempting the exams. If you don't have prior experience, you could consider taking a training course or working through hands-on labs to gain the required knowledge and skills. 
- -## Benefits - -Achieving a CompTIA A+ certification can offer several benefits, such as: - -- Establishing your credibility as an IT professional with a strong foundation in hardware, software, and networking -- Demonstrating your commitment to continuing education and career growth in the IT industry -- Improving your employability and widening your job prospects, especially for entry-level IT roles -- Serving as a prerequisite for more advanced certifications, such as CompTIA Network+ and CompTIA Security+ - -Overall, if you're an aspiring IT professional, the CompTIA A+ certification is a great starting point to kick off your IT career and begin acquiring the skills and knowledge needed to thrive in this ever-evolving industry. - - Learn more from the following resources: -- [@official@CompTIA A+ Certification](https://www.comptia.org/certifications/a) -- [@article@CompTIA A+ 220-1101 - Professor Messer's Course FREE](https://www.professormesser.com/free-a-plus-training/220-1101/220-1101-video/220-1101-training-course/) -- [@article@CompTIA A+ 220-1102 - Professor Messer's Course FREE](https://www.professormesser.com/free-a-plus-training/220-1102/220-1102-video/220-1102-training-course/) -- [@course@Total Seminars - CompTIA A+ Core 1 (220-1101)](https://www.udemy.com/course/comptia-aplus-core-1/) -- [@course@Total Seminars - CompTIA A+ Core 2 (220-1102)](https://www.udemy.com/course/comptia-aplus-core-2/) -- [@course@Dion Training - CompTIA A+ Core 1 (220-1101)](https://www.udemy.com/course/comptia-a-core-1/) -- [@course@Dion Training - CompTIA A+ Core 2 (220-1102)](https://www.udemy.com/course/comptia-a-core-2//) +- [@official@Comptia A+ Website](https://www.comptia.org/certifications/a) +- [@course@Comptia A+ Course](https://www.youtube.com/watch?v=1CZXXNKAY5o) \ No newline at end of file 
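Review bot: The added link labels read `Comptia A+ Website` and `Comptia A+ Course`, but the retained context line and every sibling node in this patch spell the vendor `CompTIA`; fix the capitalization. Dropping the `Exams` section is defensible because its removed lines cited 220-1001/1002 while the links being removed already pointed at 220-1101/1102, but the two Professor Messer entries were the only free, exam-aligned study resources and could be kept alongside the new YouTube link. The YouTube entry is tagged `@course@` while the Linux+ node in the same patch tags a YouTube video `@video@` (`[@video@Linux+ Exam Prep]`); one tagging convention should be used across the roadmap.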
diff --git a/src/data/roadmaps/cyber-security/content/comptia-linux@p34Qwlj2sjwEPR2ay1WOK.md b/src/data/roadmaps/cyber-security/content/comptia-linux@p34Qwlj2sjwEPR2ay1WOK.md index c7efc3b66..85180e8cf 100644 --- a/src/data/roadmaps/cyber-security/content/comptia-linux@p34Qwlj2sjwEPR2ay1WOK.md +++ b/src/data/roadmaps/cyber-security/content/comptia-linux@p34Qwlj2sjwEPR2ay1WOK.md 
@@ -2,55 +2,7 @@ The CompTIA Linux+ certification is an entry-level certification aimed at individuals who are seeking to learn and demonstrate their skills and knowledge of the Linux operating system. This certification is widely recognized in the IT industry as an essential qualification for entry-level Linux administrators and helps them gain a strong foundation in Linux system administration tasks. -## Overview +Learn more from the following resources: -- **Difficulty Level:** Beginner -- **Certification Type:** Professional -- **Exam Format:** Multiple-choice and performance-based -- **Duration:** 90 minutes -- **Number of Questions:** Maximum of 90 -- **Passing Score:** 720 (on a scale of 100-900) - -## Topics Covered - -The CompTIA Linux+ certification covers various aspects related to Linux, including: - -- **System Architecture:** Hardware settings, boot sequence, kernel modules, and system boot. -- **Linux Installation and Package Management:** Designing hard disk layout, installing a boot manager, managing shared libraries, using Debian and RPM package management. - -- **GNU and Unix Commands:** Bash commands, text processing, redirection and pipes, and managing processes. -- **Devices, Linux Filesystems, and Filesystem Hierarchy Standard:** Creating and configuring filesystems, maintaining the integrity of filesystems, managing disk quotas, and using file permissions to control access. - -- **Shells, Scripting, and Data Management:** Customizing and writing shell scripts, managing SQL data, and using regular expressions. -- **User Interfaces and Desktops:** Installing X11, setting up display managers, and managing accessibility settings. - -- Administrative Tasks: Managing user and group accounts, automating system administration tasks, localization, and system logging. -- Essential System Services: Configuring, managing, and troubleshooting network services, time synchronization, and system logging. 
- -- Network Fundamentals: Addressing and routing fundamentals, troubleshooting network issues, and configuring DNS clients. -- Security: Perform security administration tasks, set up host security, and secure data with encryption. - -## Skills Gained - -By earning the CompTIA Linux+ certification, you will be equipped with the knowledge and skills to: - -- Install, configure, and maintain Linux systems. -- Perform essential Linux system administration tasks. -- Troubleshoot and resolve issues related to Linux systems. -- Implement basic security measures on Linux systems. - -## Exam Preparation - -CompTIA provides a range of study materials and resources, including: - -- CompTIA Linux+ Study Guide: Thoroughly covers the exam objectives to help you prepare for the certification. -- CompTIA Linux+ CertMaster Practice: A comprehensive online practice platform that helps you assess your knowledge and identify areas for improvement. -- CompTIA Linux+ CertMaster Learn: Interactive learning experience offering a customizable learning path, flashcards, quizzes, and assessments. - -## Conclusion - -The CompTIA Linux+ certification is an excellent starting point for aspiring Linux professionals, as it validates essential skills required for entry-level Linux administration roles. By obtaining this certification, you can enhance your career prospects and demonstrate your competence to potential employers. So, buckle up and start your Linux journey with the CompTIA Linux+ certification! 
- -- [@oficial@Official CompTIA Linux+](https://www.comptia.org/certifications/linux) -- [@video@CompTIA Linux+ Exam Prep (XK0-005 revision)](https://youtube.com/playlist?list=PL78ppT-_wOmuwT9idLvuoKOn6UYurFKCp&si=0OAFuOOsjko8Gg61) -- [@course@Dion Training](https://www.udemy.com/course/comptia-linux/) +- [@official@Linux+ Website](https://www.comptia.org/certifications/linux) +- [@video@Linux+ Exam Prep](https://www.youtube.com/watch?v=niPWk7tgD2Q&list=PL78ppT-_wOmuwT9idLvuoKOn6UYurFKCp) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/comptia-network@4RGbNOfMPDbBcvUFWTTCV.md b/src/data/roadmaps/cyber-security/content/comptia-network@4RGbNOfMPDbBcvUFWTTCV.md index 9bec32db0..e0c426d2c 100644 --- a/src/data/roadmaps/cyber-security/content/comptia-network@4RGbNOfMPDbBcvUFWTTCV.md +++ b/src/data/roadmaps/cyber-security/content/comptia-network@4RGbNOfMPDbBcvUFWTTCV.md 
@@ -2,46 +2,7 @@ The CompTIA Network+ is a highly sought-after certification for IT professionals who aim to build a solid foundation in networking concepts and practices. This certification is vendor-neutral, meaning that it covers a broad range of knowledge that can be applied to various network technologies, products, and solutions. The Network+ certification is designed for beginners in the world of IT networking, and it is recommended that you first obtain the [CompTIA A+ certification](#) before moving on to Network+. -## Topics Covered +Learn more from the following resources: -The CompTIA Network+ certification covers several essential networking topics, such as: - -- **Networking Concepts**: This includes understanding network architectures, devices, protocols, and services. -- **Infrastructure**: Learn about the various network components such as cabling, network devices, and storage. -- **Network Operations**: Gain knowledge on how to monitor, analyze, and optimize network performance, as well as maintain network documentation and policies. -- **Network Security**: Understand the fundamentals of securing a network, including access control, encryption, and firewalls. -- **Network Troubleshooting and Tools**: Learn how to troubleshoot and resolve network issues using various diagnostic tools and techniques. - -## Exam Details - -To become Network+ certified, you must pass the [N10-008 exam](https://www.comptia.org/certifications/network) or [N10-009 exam](https://www.comptia.org/certifications/network). The exam consists of: - -- Up to 90 questions, including multiple-choice and performance-based questions -- Duration: 90 minutes -- Passing Score: 720 out of 900 -- Exam Cost: $369 USD - -## Benefits of CompTIA Network+ Certification - -By earning the CompTIA Network+ certification, you can demonstrate your competency in networking fundamentals and start your journey as an IT professional. 
The benefits of this certification include: - -- **Increased job opportunities**: A Network+ certification showcases your knowledge in networking, which can help you land entry-level positions such as network administrator or network technician. -- **Higher salary potential**: Professionals with the Network+ certification typically enjoy higher salaries compared to their non-certified counterparts. -- **Professional growth**: Gaining the Network+ certification helps you stay up-to-date with networking technologies and sets the stage for more advanced certifications, such as [CompTIA Security+](#) or [Cisco CCNA](#). -- **Vendor-neutral**: Since the Network+ certification covers a broad range of networking topics, it is applicable to many different network environments and technologies. - -To get started with your CompTIA Network+ certification journey, [visit the official CompTIA website](https://www.comptia.org/certifications/network) for more information on the certification, exam preparation, and testing centers. - -## Preparation Resources - -- **Strengthen Networking Fundamentals:**: The CompTIA Network+ exam emphasizes understanding networking fundamentals. To build a solid foundation, grasp concepts like TCP/IP protocols, subnetting, the OSI model, network devices, and addressing schemes. - -- **Engage in Hands-on Practice:**: Theory alone won't suffice for excelling in the N10-008 or N10-009 exam. Practical experience is crucial for understanding networking concepts and troubleshooting scenarios. Take practice exams to assess your readiness and get familiar with the exam format. Additionally, work with virtual labs to enhance your practical understanding of network configurations and troubleshooting. 
- -Recommended resources include: - -- [@official@Official CompTIA Network+](https://www.comptia.org/certifications/network) -- [@video@CompTIA Network+ Full Course FREE [23+ Hours]](https://www.youtube.com/watch?v=xmpYfyNmWbw) -- [@article@Professor Messer’s CompTIA N10-008 Network+ Course FREE](https://www.professormesser.com/network-plus/n10-008/n10-008-video/n10-008-training-course/) -- [@course@Total Seminars](https://www.udemy.com/course/comptia-networkplus-certification/) -- [@course@Dion Training](https://www.udemy.com/course/comptia-network-009/) +- [@official@CompTIA Network+ Website](https://www.comptia.org/certifications/network) +- [@course@CompTIA Network+ Course](https://www.youtube.com/watch?v=xmpYfyNmWbw) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/comptia-security@AxeDcKK3cUtEojtHQPBw7.md b/src/data/roadmaps/cyber-security/content/comptia-security@AxeDcKK3cUtEojtHQPBw7.md index 1eb9d5ca6..c5f4f694d 100644 --- a/src/data/roadmaps/cyber-security/content/comptia-security@AxeDcKK3cUtEojtHQPBw7.md +++ b/src/data/roadmaps/cyber-security/content/comptia-security@AxeDcKK3cUtEojtHQPBw7.md 
@@ -2,34 +2,7 @@ CompTIA Security+ is a highly recognized and respected certification for individuals seeking to start their careers in the field of cybersecurity. This certification is vendor-neutral, meaning it doesn't focus on any specific technology or platform, and provides a solid foundation in cybersecurity principles, concepts, and best practices. -## Overview +Learn more from the following resources: -The CompTIA Security+ certification covers a variety of essential topics, including: - -- Network security -- Threat management -- Application, data, and host security -- Access control and identity management -- Cryptography -- Compliance and operational security - -Earning the Security+ certification can open the door to various entry-level cybersecurity roles such as Security Analyst, Security Engineer, or Network Security Specialist. - -## Exam Details - -To earn the CompTIA Security+ certification, candidates must pass the SY0-701 exam. The exam consists of 90 questions, which are a mix of multiple-choice and performance-based questions. Candidates are given 90 minutes to complete the exam, and a score of 750 out of 900 is required to pass. - -## Preparation Resources - -Preparation for the CompTIA Security+ exam involves a combination of self-study, instructor-led courses, and hands-on experience in the cybersecurity field. 
Recommended resources include: - -- [@official@Official CompTIA Security+ Study Guide](https://www.comptia.org/training/books/security-sy0-701-study-guide) -- [@official@CompTIA Security+ Certification Exam Details](https://www.comptia.org/certifications/security#examdetails) -- [@video@Professor Messer's Free Security+ Video Course](https://youtube.com/playlist?list=PLG49S3nxzAnl4QDVqK-hOnoqcSKEIDDuv&si=nwydzQ13lug4ymbl) -- [@course@Dion Training](https://www.udemy.com/course/securityplus/) -- [@course@Total Seminars](https://www.udemy.com/course/total-comptia-security-plus/) -- [@podcast@CompTIA Security+ 701 Audio Course Podcast](https://open.spotify.com/show/1Ch1IPQc9V9FULKSBc6UfO?si=994f9ee5a0a24ee6) - -While there are no formal prerequisites to take the Security+ exam, CompTIA recommends candidates have two years of experience in IT administration, focusing on security, and a CompTIA Network+ certification. - -Overall, the CompTIA Security+ certification is an excellent choice for those looking to begin their journey in cybersecurity. It provides candidates with a strong foundational knowledge, while also serving as a stepping stone for more advanced certifications in the field. +- [@official@CompTIA Security+ Website](https://www.comptia.org/certifications/security) +- [@course@CompTIA Security+ Course](https://www.youtube.com/watch?v=yLf2jRY39Rc&list=PLIhvC56v63IIyU0aBUed4qwP0nSCORAdB) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/computer-hardware-components@Ih0YZt8u9vDwYo8y1t41n.md b/src/data/roadmaps/cyber-security/content/computer-hardware-components@Ih0YZt8u9vDwYo8y1t41n.md index e2acc1165..c734d77c3 100644 --- a/src/data/roadmaps/cyber-security/content/computer-hardware-components@Ih0YZt8u9vDwYo8y1t41n.md +++ b/src/data/roadmaps/cyber-security/content/computer-hardware-components@Ih0YZt8u9vDwYo8y1t41n.md 
@@ -1,71 +1,10 @@ # Computer Hardware Components -When it comes to understanding basic IT skills, one cannot overlook the importance of familiarizing yourself with the essential computer hardware components. These are the physical parts that make up a computer system, and understanding their functions will help you troubleshoot issues and maintain your device better. Here's a brief overview of some of the primary computer hardware components: +Computer hardware components are the physical parts of a computer system that work together to perform computing tasks. The key components include the **central processing unit (CPU)**, which is the "brain" of the computer responsible for executing instructions and processing data. The **motherboard** is the main circuit board that connects and allows communication between the CPU, memory, and other hardware. **Random Access Memory (RAM)** serves as the computer's short-term memory, storing data that is actively being used by the CPU for quick access. -## Central Processing Unit (CPU) +The **storage device**, such as a hard disk drive (HDD) or solid-state drive (SSD), is where data is permanently stored, including the operating system, applications, and files. The **power supply unit (PSU)** provides the necessary electrical power to run the components. **Graphics processing units (GPU)**, dedicated for rendering images and videos, are important for tasks like gaming, video editing, and machine learning. Additionally, **input devices** like keyboards and mice, and **output devices** like monitors and printers, enable users to interact with the system. Together, these components make up the essential hardware of a computer, enabling it to perform various computing functions. -The CPU serves as the heart and brain of a computer. It performs all the processing inside the computer and is responsible for executing instructions, performing calculations, and managing the flow of data. 
+Learn more from the following resources: -**Key Points:** - -- Considered the "brain" of the computer. -- Performs all the major processes and calculations. - -## Motherboard - -The motherboard is the main circuit board that connects all components of the computer. It provides a central hub for communication between the CPU, memory, and other hardware components. - -**Key Points:** - -- Connects all other hardware components. -- Allows components to communicate with each other. - -## Memory (RAM) - -Random Access Memory (RAM) is where data is temporarily stored while the computer is powered on. The data is constantly accessed, written, and rewritten by the CPU. The more RAM a system has, the more tasks it can process simultaneously. - -**Key Points:** - -- Temporary storage for data while the computer is on. -- More RAM allows for better multitasking. - -## Storage (Hard Drives) - -Storage devices like hard disk drives (HDD) or solid-state drives (SSD) are used to store data permanently on the computer, even when the device is powered off. Operating systems, software, and user files are stored on these drives. - -**Key Points:** - -- Permanent storage for data. -- Comes in HDD and SSD types, with SSDs being faster but more expensive. - -## Graphics Processing Unit (GPU) - -The GPU is responsible for rendering images, videos, and animations on the computer screen. Its main function is to handle and display graphics, making your visuals smooth and responsive. - -**Key Points:** - -- Handles and processes graphics and visuals. -- Important for gaming, video editing, and graphic design tasks. - -## Power Supply Unit (PSU) - -The power supply unit provides the necessary power to all components in the computer. It converts the AC power from the wall socket into the DC power that the computer's components require. - -**Key Points:** - -- Provides power to all computer components. -- Converts AC power to DC power. 
- -## Input/Output Devices - -Input devices, such as a mouse, keyboard, or scanner, are used to interact with and input data into the computer. Output devices, like the display monitor and speakers, present information and data in a format we can understand. - -**Key Points:** - -- Input devices allow users to interact with the computer. -- Output devices present information to the user. - -By understanding these essential computer hardware components, you can enhance your knowledge of how a computer functions and improve your IT troubleshooting and maintenance skills. Happy computing! - -- [@video@What does what in your computer? Computer parts Explained](https://youtu.be/ExxFxD4OSZ0) -- [@feed@Explore top posts about Hardware](https://app.daily.dev/tags/hardware?ref=roadmapsh) +- [@video@Computer Components for Dummies](https://www.youtube.com/watch?v=cZs6kh0WFRY) +- [@article@What is computer hardware?](https://uk.crucial.com/articles/pc-builders/what-is-computer-hardware) diff --git a/src/data/roadmaps/cyber-security/content/connection-types-and-their-function@F1QVCEmGkgvz-_H5lTxY2.md b/src/data/roadmaps/cyber-security/content/connection-types-and-their-function@F1QVCEmGkgvz-_H5lTxY2.md index b75552982..d2f95e06b 100644 --- a/src/data/roadmaps/cyber-security/content/connection-types-and-their-function@F1QVCEmGkgvz-_H5lTxY2.md +++ b/src/data/roadmaps/cyber-security/content/connection-types-and-their-function@F1QVCEmGkgvz-_H5lTxY2.md 
@@ -1,32 +1,19 @@ # Connection Types and their function -In the realm of cyber security, understanding various connection types is crucial in maintaining a secure network environment. This section will provide you with an overview of different connection types commonly encountered in IT and their impact on security. +There are several types of network connections that enable communication between devices, each serving different functions based on speed, reliability, and purpose. **Ethernet** is a wired connection type commonly used in local area networks (LANs), providing high-speed, stable, and secure data transfer. Ethernet is ideal for businesses and environments where reliability is crucial, offering speeds from 100 Mbps to several Gbps. -## Wired Connections +**Wi-Fi**, a wireless connection, enables devices to connect to a network without physical cables. It provides flexibility and mobility, making it popular in homes, offices, and public spaces. While Wi-Fi offers convenience, it can be less reliable and slower than Ethernet due to signal interference or distance from the access point. -Ethernet is the most widespread and commonly used wired connection type. It provides a secure, high-speed data transmission between devices, such as computers, routers, and switches, using Category 5 (Cat5) or higher cables. Ethernet connections are generally considered more reliable and secure compared to wireless connections because they are less vulnerable to interference and unauthorized access. +**Bluetooth** is a short-range wireless technology primarily used for connecting peripherals like headphones, keyboards, and other devices. It operates over shorter distances, typically up to 10 meters, and is useful for personal device communication rather than networking larger systems. 
-## USB (Universal Serial Bus) +**Fiber-optic connections** use light signals through glass or plastic fibers to transmit data at very high speeds over long distances, making them ideal for internet backbones or connecting data centers. Fiber is faster and more reliable than traditional copper cables, but it is also more expensive to implement. -USB is a popular connection type, primarily used for connecting peripheral devices such as keyboards, mice, and storage devices to computers. While USB provides a convenient way of expanding a computer's functionality, it also poses security risks. Using untrusted USB devices can lead to the spread of malware, making it essential to ensure that only trusted devices are connected to your system. +**Cellular connections**, such as 4G and 5G, allow mobile devices to connect to the internet via wireless cellular networks. These connections offer mobility, enabling internet access from almost anywhere, but their speeds and reliability can vary depending on network coverage. -## Wireless Connections +Each connection type plays a specific role, balancing factors like speed, distance, and convenience to meet the varying needs of users and organizations. -Wi-Fi is the most prevalent wireless connection type, allowing devices to connect to the internet and each other without the need for physical cables. Although Wi-Fi provides greater flexibility and mobility, it introduces additional security risks. To minimize these risks, always use encryption (preferably WPA3 or WPA2), strong passwords, and update your router's firmware regularly. +Learn more from the following resources: -## Bluetooth - -Bluetooth is another widely used wireless connection type, primarily designed for short-range communication between devices such as smartphones, speakers, and headsets. While Bluetooth offers convenience, it can also be susceptible to attacks, such as Bluesnarfing and Bluejacking. 
To mitigate these risks, keep your devices updated, use Bluetooth 4.0 or higher, and disable Bluetooth when not in use. - -## Network Connections - -A VPN is a secure tunnel that creates a private network connection over a public network (such as the internet) by encrypting data transfers between devices. VPNs help protect sensitive information from being intercepted by unauthorized parties and are especially useful when accessing public Wi-Fi hotspots. Always use trusted VPN providers to ensure your data remains encrypted and private. - -## Peer-to-Peer (P2P) - -P2P is a decentralized connection type where devices connect directly with each other, without the need for a central server. P2P is commonly used for file-sharing services and can pose significant security risks if utilized without adequate security measures in place. To minimize risks, avoid using untrusted P2P services and refrain from sharing sensitive information on such networks. - -In summary, understanding and managing different connection types is an essential aspect of cyber security. By using secure connections and taking preventive measures, you can reduce the risk of unauthorized access, data breaches, and other malicious activities. - -- [@video@Connection & Service Types Pt. 1](https://youtu.be/TzEMiD2mc-Q) -- [@video@Connection & Services Types Pt. 2 ](https://youtu.be/4N3M1aKzoyQ) \ No newline at end of file +- [@article@What is ethernet?](https://www.techtarget.com/searchnetworking/definition/Ethernet) +- [@article@What is WiFi and how does it work?](https://computer.howstuffworks.com/wireless-network.htm) +- [@article@How bluetooth works](https://electronics.howstuffworks.com/bluetooth.htm) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/containment@l7WnKuR2HTD4Vf9U2TxkK.md b/src/data/roadmaps/cyber-security/content/containment@l7WnKuR2HTD4Vf9U2TxkK.md index 386de2d5d..1ccf57d5c 100644 
--- a/src/data/roadmaps/cyber-security/content/containment@l7WnKuR2HTD4Vf9U2TxkK.md +++ b/src/data/roadmaps/cyber-security/content/containment@l7WnKuR2HTD4Vf9U2TxkK.md 
@@ -1,26 +1,8 @@ # Containment -In the Incident Response Process, containment is the step where the identified threat is controlled to prevent any further damage to the system and organization, while maintaining the integrity of the collected incident data. The primary goal of containment is to limit the attack's scope and prevent any further compromises. +Containment in cybersecurity refers to the process of limiting the impact of a security incident by isolating affected systems, networks, or data to prevent further spread or damage. When a breach or malware infection is detected, containment strategies are quickly implemented to halt the attack's progress, often by disconnecting compromised systems from the network, blocking malicious traffic, or restricting user access. Containment is a critical step in incident response, allowing security teams to control the situation while they investigate the root cause, assess the extent of the breach, and prepare for remediation. Effective containment minimizes the potential harm to the organization, preserving the integrity of unaffected systems and data. -## Short-term and Long-term Containment +Learn more from the following resources: -There are two main types of containment measures that need to be applied depending on the nature of the incident: short-term and long-term containment. - -## Short-term Containment - -These measures are focused on stopping the immediate threat by disconnecting affected systems, blocking harmful IP addresses, or temporarily disabling the vulnerable service. However, these steps might result in the loss of valuable incident data, so it is essential to balance these actions against preserving evidence necessary for further investigation. - -## Long-term Containment - -Long-term containment focuses on implementing more sustainable solutions to address the root cause of the incident, such as updating security patches, configuring firewalls, and implementing access control measures. 
These actions are taken to prevent reoccurrence and must be performed in parallel with the recovery phase to ensure a comprehensive Incident Response Process. - -## Key Steps in Containment - -The following are some key steps that you should follow during the containment phase: - -- **Isolate** - Segregate the affected systems from the rest of the network to stop the spread of the threat. -- **Preserve Evidence** - Securely capture relevant logs and data for future analysis and investigation. -- **Implement Temporary Measures** - Take immediate actions to block the attacker and secure the environment while minimizing disruption. -- **Update Containment Strategy** - Integrate lessons learned from previous incidents and external resources to continuously improve your containment process. - -By properly executing the containment phase of the Incident Response Process, you will be well-prepared to eradicate the root cause of the cyber security threat and recover your affected systems with minimal damage to your organization. +- [@article@Microsoft security incident management: Containment, eradication, and recovery](https://learn.microsoft.com/en-us/compliance/assurance/assurance-sim-containment-eradication-recovery) +- [@article@Containment - AWS](https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/containment.html) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/core-concepts-of-zero-trust@HavEL0u65ZxHt92TfbLzk.md b/src/data/roadmaps/cyber-security/content/core-concepts-of-zero-trust@HavEL0u65ZxHt92TfbLzk.md index 7aa739be0..744085e20 100644 --- a/src/data/roadmaps/cyber-security/content/core-concepts-of-zero-trust@HavEL0u65ZxHt92TfbLzk.md +++ b/src/data/roadmaps/cyber-security/content/core-concepts-of-zero-trust@HavEL0u65ZxHt92TfbLzk.md 
@@ -1,31 +1,8 @@ # Core Concepts of Zero Trust -_Zero Trust_ is a modern security framework that addresses the ever-evolving threat landscape in the digital world. It emphasizes the idea of "never trust, always verify". This approach requires organizations to abandon the traditional perimeter-based security models and adopt a more comprehensive, holistic approach to protecting their data and assets. +The core concepts of Zero Trust revolve around the principle of "never trust, always verify," emphasizing the need to continuously validate every user, device, and application attempting to access resources, regardless of their location within or outside the network perimeter. Unlike traditional security models that rely on a strong perimeter defense, Zero Trust assumes that threats could already exist inside the network and that no entity should be trusted by default. Key principles include strict identity verification, least privilege access, micro-segmentation, and continuous monitoring. This approach limits access to resources based on user roles, enforces granular security policies, and continuously monitors for abnormal behavior, ensuring that security is maintained even if one segment of the network is compromised. Zero Trust is designed to protect modern IT environments from evolving threats by focusing on securing data and resources, rather than just the network perimeter. -## Core Principles +Learn more from the following resources: -- **Deny trust by default**: Assume all network traffic, both inside and outside the organization, is potentially malicious. Do not trust any user, device, or application just because they are within the network perimeter. - -- **Verify every request**: Authenticate and authorize all requests (even for those from within the network) before granting access to any resource. Ensure that each user, device, or application is properly identified, and their access to resources is appropriate based on their role, rights, and privileges. 
- -- **Apply least privilege**: Limit users, applications, and devices to the minimum level of access required to perform their functions. This minimizes the risk of unauthorized access, and reduces the potential attack surface. - -- **Segment networks**: Isolate and segregate different parts of the network to limit the potential impact of a breach. If an attacker gains access to one segment, they should not be able to move laterally across the network and access other sensitive data. - -- **Inspect and log all traffic**: Actively monitor, analyze, and log network traffic to identify potential security incidents and perform forensic investigations. This provides valuable insights for security teams to continuously improve their security posture and detect early signs of malicious activities. - -## Benefits - -- **Reduced attack surface**: Limiting access to sensitive resources and segmenting the network makes it more challenging for attackers to compromise systems and access valuable data. - -- **Enhanced visibility and monitoring**: By continuously inspecting and logging all traffic, security teams can gain unprecedented levels of visibility, helping them identify potential threats and attacks more effectively. - -- **Improved compliance and governance**: Implementing a Zero Trust model reinforces an organization's compliance and governance posture, ensuring access to sensitive data is only granted to authorized users. - -- **Adaptability**: A Zero Trust approach can be applied to a wide range of environments and can be tailored to meet the specific security needs and objectives of an organization. - -By implementing a Zero Trust framework, an organization can strengthen its security posture, safeguard against internal and external threats, and maintain control over their critical assets in an increasingly interconnected world. 
- -Visit the following resources to learn more: - -- [@video@Zero Trust - Professor Messer](https://www.youtube.com/watch?v=zC_Pndpg8-c) +- [@article@What is a zero trust network?](https://www.cloudflare.com/en-gb/learning/security/glossary/what-is-zero-trust/) +- [@video@Zero trust explained in 4 minutes](https://www.youtube.com/watch?v=yn6CPQ9RioA) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/crest@rA1skdztev3-8VmAtIlmr.md b/src/data/roadmaps/cyber-security/content/crest@rA1skdztev3-8VmAtIlmr.md index ec6aa44a0..7f6e18a57 100644 --- a/src/data/roadmaps/cyber-security/content/crest@rA1skdztev3-8VmAtIlmr.md +++ b/src/data/roadmaps/cyber-security/content/crest@rA1skdztev3-8VmAtIlmr.md 
@@ -2,25 +2,7 @@ CREST is a non-profit, accreditation and certification body that represents the technical information security industry. Established in 2008, its mission is to promote the development and professionalization of the cyber security sector. CREST provides certifications for individuals and accreditations for companies, helping customers find knowledgeable and experienced professionals in the field. -## CREST Examinations and Certifications +Learn more from the following resources: -CREST offers various examinations and certifications, including: - -- **CREST Practitioner Security Analyst (CPSA)**: This is an entry-level certification for individuals looking to demonstrate their knowledge and competence in vulnerability assessment and penetration testing. Passing the CPSA exam is a prerequisite for taking other CREST technical examinations. - -- **CREST Registered Penetration Tester (CRT)**: This certification is aimed at professionals with a solid understanding of infrastructure and web application penetration testing. CRT holders have demonstrated practical skills in identifying and exploiting vulnerabilities in a controlled environment. - -- **CREST Certified Infrastructure Tester (CCIT)** and **CREST Certified Web Application Tester (CCWAT)**: These advanced certifications require candidates to have a deep technical understanding and practical skills in infrastructure or web application testing, respectively. These certifications are intended for experienced professionals who can perform in-depth technical assessments and identify advanced security vulnerabilities. - -- **CREST Certified Simulated Attack Manager (CCSAM)** and **CREST Certified Simulated Attack Specialist (CCSAS)**: These certifications focus on the planning, scoping, and management of simulated attack engagements, or red teaming. They require candidates to have experience in both the technical and managerial aspects of coordinated cyber attacks. 
- -## Benefits of CREST Certifications - -Obtaining CREST certifications provides several benefits, such as: - -- Increased credibility and recognition within the cyber security industry -- Validation of your technical knowledge and expertise -- Access to resources and support through the CREST community -- Assurance for employers and clients that you're skilled and trustworthy - -In the rapidly evolving field of cyber security, CREST certifications demonstrate a commitment to continuous learning, growth, and professionalism. \ No newline at end of file +- [@official@CREST Certifications Website](https://www.crest-approved.org/skills-certifications-careers/crest-certifications/) +- [@video@A brief overview of CREST](https://www.youtube.com/watch?v=Cci5qrv8fHY) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/csf@HjfgaSEZjW9BOXy_Ixzkk.md b/src/data/roadmaps/cyber-security/content/csf@HjfgaSEZjW9BOXy_Ixzkk.md index 35c9c2ed7..bf662bf5e 100644 --- a/src/data/roadmaps/cyber-security/content/csf@HjfgaSEZjW9BOXy_Ixzkk.md +++ b/src/data/roadmaps/cyber-security/content/csf@HjfgaSEZjW9BOXy_Ixzkk.md 
@@ -1,35 +1,8 @@ -# CSF - -## Cybersecurity Framework (CSF) Summary +# Cybersecurity Framework (CSF) The Cybersecurity Framework (CSF) is a set of guidelines aimed at helping organizations better protect their critical infrastructure from cyber threats. Developed by the National Institute of Standards and Technology (NIST), this voluntary framework provides a flexible, risk-based approach to managing cybersecurity risks. -## Key Components of CSF - -CSF comprises three key components: - -- **Core** - Consists of five functions, each representing a high-level cybersecurity activity: - - - Identify: Understand the organization's cybersecurity risks. - - Protect: Implement safeguards to protect the critical infrastructure. - - Detect: Identify the occurrence of a potential cybersecurity event. - - Respond: Develop and implement appropriate actions to address detected cybersecurity events. - - Recover: Implement plans to restore systems and services after a cybersecurity incident. - -- **Tiers** - Provide context for organizations to consider the robustness of their cybersecurity program: - - - Tier 1: Partial – Minimal cybersecurity risk management practices. - - Tier 2: Risk Informed – Risk management practices in place, but not consistently applied. - - Tier 3: Repeatable – Risk management practices are consistent across the organization. - - Tier 4: Adaptive – Proactive approach to managing cybersecurity risks. - -- **Profiles** - Organizations create profiles to align their cybersecurity activities with their organizational goals, risk tolerance, and resources. A target profile represents desired outcomes, whereas a current profile reflects the current state of cybersecurity programs. - -## Benefits of Implementing CSF - -- Enhanced understanding of cybersecurity risks and corresponding management strategies within an organization. -- Improved ability to prioritize cybersecurity investments based on risk assessments. 
-- Strengthened communication between different departments and stakeholders regarding cybersecurity expectations and progress. -- Compliance with industry standards and guidelines, including support for organizations subject to regulatory requirements. +Learn more from the following resources: -CSF offers organizations a structured approach to improving their cybersecurity posture. By following this framework, organizations can manage their cybersecurity risks more effectively, create a stronger defense against cyberattacks, and maintain the resilience of their critical infrastructure. \ No newline at end of file +- [@official@NIST Cybersecurity Framework](https://www.nist.gov/cyberframework) +- [@video@NIST Cybersecurity Framework Explained](https://www.youtube.com/watch?v=_KXqDNVmpu8) diff --git a/src/data/roadmaps/cyber-security/content/csrf@pK2iRArULlK-B3iSVo4-n.md b/src/data/roadmaps/cyber-security/content/csrf@pK2iRArULlK-B3iSVo4-n.md index e69de29bb..4ba863576 100644 --- a/src/data/roadmaps/cyber-security/content/csrf@pK2iRArULlK-B3iSVo4-n.md +++ b/src/data/roadmaps/cyber-security/content/csrf@pK2iRArULlK-B3iSVo4-n.md 
@@ -0,0 +1,8 @@ +# Cross-Site Request Forgery (CSRF) + +Cross-Site Request Forgery (CSRF) is a type of web security vulnerability that allows an attacker to trick a user into performing actions on a web application without their consent. It occurs when a malicious website or link causes a user’s browser to send unauthorized requests to a different site where the user is authenticated, such as submitting a form or changing account settings. Since the requests are coming from the user’s authenticated session, the web application mistakenly trusts them, allowing the attacker to perform actions like transferring funds, changing passwords, or altering user data. CSRF attacks exploit the trust that a web application has in the user's browser, making it critical for developers to implement countermeasures like CSRF tokens, same-site cookie attributes, and user confirmation prompts to prevent unauthorized actions. + +Learn more from the following resources: + +- [@video@Cross-Site Request Forgery Explained](https://www.youtube.com/watch?v=eWEgUcHPle0) +- [@article@Cross-Site Request Forgery](https://owasp.org/www-community/attacks/csrf) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/curl@W7iQUCjODGYgE4PjC5TZI.md b/src/data/roadmaps/cyber-security/content/curl@W7iQUCjODGYgE4PjC5TZI.md index d0e8f82f4..ad8d101c2 100644 --- a/src/data/roadmaps/cyber-security/content/curl@W7iQUCjODGYgE4PjC5TZI.md +++ b/src/data/roadmaps/cyber-security/content/curl@W7iQUCjODGYgE4PjC5TZI.md 
@@ -2,62 +2,7 @@ Curl is a versatile command-line tool primarily used for transferring data using various network protocols. It is widely used in cybersecurity and development for the purpose of testing and interacting with web services, APIs, and scrutinizing web application security. Curl supports various protocols such as HTTP, HTTPS, FTP, SCP, SFTP, and many more. -**Features of Curl:** +Learn more from the following resources: -- Provides support for numerous protocols. -- Offers SSL/TLS certificates handling and authentication. -- Customizable HTTP request headers and methods. -- Proxies and redirections support. -- IPv6 support. - -## Common Curl Use Cases in Cybersecurity: - -- **HTTP Requests:** - Curl can be used to test and troubleshoot web services by making GET or POST requests, specifying headers, or sending data. You can also use it to automate certain tasks. - - GET Request Example: - - ``` - curl https://example.com - ``` - - POST Request Example: - - ``` - curl -X POST -d "data=sample" https://example.com - ``` - -- **HTTPS with SSL/TLS:** - Curl can be utilized to verify and test SSL/TLS configurations and certificates for web services. - - Test a site's SSL/TLS configuration: - - ``` - curl -Iv https://example.com - ``` - -- **File Transfers:** - Curl can be used for transferring files using protocols like FTP, SCP, and SFTP. - - FTP Example: - - ``` - curl -u username:password ftp://example.com/path/to/file - ``` - -- **Web Application Testing:** - Curl can help you find vulnerabilities in web applications by sending customized HTTP requests, injecting payloads or exploiting their features. - - Send Cookie Example: - - ``` - curl -H "Cookie: session=12345" https://example.com - ``` - - Detect Server Software Example: - - ``` - curl -I https://example.com - ``` - -Curl is a powerful tool in the arsenal of anyone working in cybersecurity. 
Understanding and mastering its usage can greatly enhance your capabilities when dealing with various network protocols, web services, and web applications. \ No newline at end of file +- [@article@What is the cURL command?](https://blog.hubspot.com/website/curl-command) +- [@video@You need to know how to use cURL](https://www.youtube.com/watch?v=q2sqkvXzsw8) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/cyber-kill-chain@H38Vb7xvuBJXVzgPBdRdT.md b/src/data/roadmaps/cyber-security/content/cyber-kill-chain@H38Vb7xvuBJXVzgPBdRdT.md index 1b26dc855..ff03af00a 100644 --- a/src/data/roadmaps/cyber-security/content/cyber-kill-chain@H38Vb7xvuBJXVzgPBdRdT.md +++ b/src/data/roadmaps/cyber-security/content/cyber-kill-chain@H38Vb7xvuBJXVzgPBdRdT.md @@ -12,6 +12,7 @@ The concept is based on a military model, where the term "kill chain" represents - **Command and Control (C2)**: The attacker establishes a communication channel with the infected system, allowing them to remotely control the malware and conduct further actions. - **Actions on Objectives**: In this final phase, the attacker achieves their goal, which may involve stealing sensitive data, compromising systems, or disrupting services. -Understanding and analyzing the Cyber Kill Chain helps organizations and individuals take a more proactive approach to cybersecurity. By recognizing the signs of an attack at each stage, appropriate countermeasures can be employed to either prevent or minimize the damage from the attack. +Learn more from the following resources: -By staying informed and diligently employing security best practices, you can effectively protect your digital assets and contribute to a safer cyberspace. +- [@official@Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html) +- [@video@Learn the Cyber Kill Chain](https://www.youtube.com/watch?v=oCUrkc_0tmw) \ No newline at end of file 
diff --git a/src/data/roadmaps/cyber-security/content/dd@9xbU_hrEOUtMm-Q09Fe6t.md b/src/data/roadmaps/cyber-security/content/dd@9xbU_hrEOUtMm-Q09Fe6t.md index 4566a0d66..0cefa2cb5 100644 --- a/src/data/roadmaps/cyber-security/content/dd@9xbU_hrEOUtMm-Q09Fe6t.md +++ b/src/data/roadmaps/cyber-security/content/dd@9xbU_hrEOUtMm-Q09Fe6t.md 
@@ -4,40 +4,7 @@ This command-line utility is available on Unix-based systems such as Linux, BSD, and macOS. It can perform tasks like data duplication, data conversion, and error correction. Most importantly, it's an invaluable tool for obtaining a bit-by-bit copy of a disk or file, which can then be analyzed using forensic tools. -## Use Cases: +Learn more from the following resources: -Some of the common use cases of `dd` in cybersecurity include: - -- Creating an exact copy of a disk or file for forensic analysis. -- Retrieving deleted files from a disk image. -- Performing data recovery on damaged disks. -- Copying data between devices or files quickly and reliably. - -## General Syntax: - -``` -dd if= of= bs= count= skip= seek= -``` - -- `if`: The input file or device to read from. -- `of`: The output file or device to write to. -- `bs`: The number of bytes to read and write at a time. -- `count`: The number of blocks to copy. -- `skip`: The number of input blocks to skip before starting to copy. -- `seek`: The number of output blocks to skip before starting to copy. - -You can simply skip the `count`, `skip`, and `seek` option for default behaviour. - -## Example: - -Let's say you need to create a forensically sound image of a suspect's USB drive for analysis. You would typically use a command like this: - -```bash -dd if=/dev/sdb1 of=~/usb_drive_image.img bs=4096 -``` - -In this example, `dd` creates an exact image of the USB drive (`/dev/sdb1`) and writes it to a new file in your home directory called `usb_drive_image.img`. - -Be cautious while using `dd` as it can overwrite and destroy data if used incorrectly. Always verify the input and output files and make sure to have backups of important data. - -By mastering the `dd` utility, you'll have a powerful forensic imaging tool at your disposal which will undoubtedly enhance your cybersecurity incident response and discovery capabilities. 
\ No newline at end of file +- [@video@How to use the dd command in Linux](https://www.youtube.com/watch?v=hsDxcJhCRLI) +- [@article@When and how to use the dd command](https://www.baeldung.com/linux/dd-command) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/default-gateway@5rKaFtjYx0n2iF8uTLs8X.md b/src/data/roadmaps/cyber-security/content/default-gateway@5rKaFtjYx0n2iF8uTLs8X.md index 47f597726..1e93ca9bf 100644 --- a/src/data/roadmaps/cyber-security/content/default-gateway@5rKaFtjYx0n2iF8uTLs8X.md +++ b/src/data/roadmaps/cyber-security/content/default-gateway@5rKaFtjYx0n2iF8uTLs8X.md 
@@ -1,25 +1,8 @@ # default gateway -In our journey through IP terminology, we now arrive at the topic of **Default Gateway**. Understanding the role and importance of the default gateway in a network is crucial for grasping the fundamentals of cyber security and data routing. +A default gateway is a network node, typically a router or a firewall, that serves as the access point or intermediary between a local network and external networks, such as the internet. When a device on a local network needs to communicate with a device outside its own subnet—such as accessing a website or sending an email—it sends the data to the default gateway, which then routes it to the appropriate external destination. The default gateway acts as a traffic director, ensuring that data packets are correctly forwarded between the internal network and external networks, making it a crucial component for enabling communication beyond the local network's boundaries. -## Overview +Learn more from the following resources: -The default gateway is basically a device (usually a router) on a network which serves as an access point for data traffic to travel from the local network to other networks, such as the internet. This device acts as a "middleman" between your computer and external networks, and is often set up by your internet service provider (ISP) or during the configuration of your own router. - -## Role in Networks - -In a nutshell, the default gateway plays the following roles: - -- **Packet Routing**: It directs the network packets from your local computer or device to their ultimate destination. When a packet with a destination IP address is not on the same network as the source device, the default gateway routes the packet to the appropriate external network. - -- **Address Resolution Protocol (ARP)**: The default gateway obtains the physical address (MAC address) of a computer that is located on another network by using ARP. 
- -- **Protection**: In many cases, the default gateway also serves as a layer of network protection by restricting access to certain external networks, as well as regulating traffic from the internet. - -## Configuration - -To benefit from the services of a default gateway, your device needs to be properly configured. Most devices and operating systems obtain their network settings (including the default gateway address) automatically using DHCP. But you can also configure network settings manually if needed. - -**Note**: Each device connected to a network must have a unique IP address. Also, remember that devices on the same network should use the same default gateway address. - -In conclusion, recognizing the significance of the default gateway and having a working knowledge of how it functions is an essential part of IP terminology, affecting both cyber security and efficient data routing. Continuing your education on the subject will better equip you to take advantage of your devices' networking features, as well as protect your valuable data from potential cyber threats. +- [@article@What is a default gateway?](https://nordvpn.com/blog/what-is-a-default-gateway/?srsltid=AfmBOoosi5g4acnT9Gv_B86FMGr72hWDhk8J-4jr1HvxPCSu96FikCyw) +- [@video@Routers and Default Gateways](https://www.youtube.com/watch?v=JOomC1wFrbU) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/dhcp@R5HEeh6jwpQDo27rz1KSH.md b/src/data/roadmaps/cyber-security/content/dhcp@R5HEeh6jwpQDo27rz1KSH.md index 84af76ccf..3707cd686 100644 --- a/src/data/roadmaps/cyber-security/content/dhcp@R5HEeh6jwpQDo27rz1KSH.md +++ b/src/data/roadmaps/cyber-security/content/dhcp@R5HEeh6jwpQDo27rz1KSH.md 
@@ -1,23 +1,8 @@ -# DHCP +# Dynamic Host Configuration Protocol (DHCP) -**Dynamic Host Configuration Protocol (DHCP)** is a network protocol that enables automatic assignment of IP addresses to devices on a network. It is an essential component of IP networking and aims to simplify the process of configuring devices to communicate over an IP-based network. +The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automatically assign IP addresses and other network configuration details, such as subnet masks, default gateways, and DNS servers, to devices on a network. When a device, such as a computer or smartphone, connects to a network, it sends a request to the DHCP server, which then dynamically assigns an available IP address from a defined range and provides the necessary configuration information. This process simplifies network management by eliminating the need for manual IP address assignment and reduces the risk of IP conflicts, ensuring that devices can seamlessly join the network and communicate with other devices and services. -## Key Features of DHCP +Learn more from the following resources: -- **Automatic IP Address Assignment**: DHCP eliminates the need for manual IP address assignment by automatically providing devices with the necessary IP addresses, reducing the risk of duplicate addressing. -- **Network Configuration**: In addition to IP addresses, DHCP can also provide other essential network information such as subnet mask, default gateway, and DNS server information. -- **IP Address Reuse**: When a device leaves the network or no longer needs an IP address, DHCP allows the address to be reused and assigned to a different device. -- **Lease Duration**: DHCP assigns IP addresses for a specific period called a "lease." After a lease expires, the device must request a new IP address or get its current address renewed. 
- -## How DHCP Works - -The DHCP process consists of four main steps: - -- **DHCP Discover**: A device (client) looking to join a network sends a broadcast message known as a "DHCP Discover" message to locate a DHCP server. -- **DHCP Offer**: Upon receiving the "DHCP Discover" broadcast, the DHCP server responds with a unicast "DHCP Offer" message containing the necessary network configuration information (e.g., IP address) for the client. -- **DHCP Request**: The client receives the offer and sends back a "DHCP Request" message to confirm the IP address assignment and other network information. -- **DHCP Acknowledgment (ACK)**: Finally, the DHCP server sends an "ACK" message confirming the successful assignment of IP address and network settings. The client can now use the allocated IP address to communicate over the network. - -## Importance in Cyber Security - -Understanding DHCP is crucial for network professionals and cyber security experts as it can be a potential attack vector. Adversaries can exploit DHCP by setting up rogue DHCP servers on the network, conducting man-in-the-middle attacks or even conducting denial-of-service attacks. Consequently, securing DHCP servers, monitoring network traffic for anomalies, and employing strong authentication and authorization methods are essential practices for maintaining network security. \ No newline at end of file +- [@video@What is DHCP and how does it work?](https://www.youtube.com/watch?v=ldtUSSZJCGg) +- [@article@Dynamic Host Configuration Protocol (DHCP)](https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/dhcp@T4312p70FqRBkzVfWKMaR.md b/src/data/roadmaps/cyber-security/content/dhcp@T4312p70FqRBkzVfWKMaR.md index 84af76ccf..3707cd686 100644 --- a/src/data/roadmaps/cyber-security/content/dhcp@T4312p70FqRBkzVfWKMaR.md +++ b/src/data/roadmaps/cyber-security/content/dhcp@T4312p70FqRBkzVfWKMaR.md 
@@ -1,23 +1,8 @@ -# DHCP +# Dynamic Host Configuration Protocol (DHCP) -**Dynamic Host Configuration Protocol (DHCP)** is a network protocol that enables automatic assignment of IP addresses to devices on a network. It is an essential component of IP networking and aims to simplify the process of configuring devices to communicate over an IP-based network. +The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automatically assign IP addresses and other network configuration details, such as subnet masks, default gateways, and DNS servers, to devices on a network. When a device, such as a computer or smartphone, connects to a network, it sends a request to the DHCP server, which then dynamically assigns an available IP address from a defined range and provides the necessary configuration information. This process simplifies network management by eliminating the need for manual IP address assignment and reduces the risk of IP conflicts, ensuring that devices can seamlessly join the network and communicate with other devices and services. -## Key Features of DHCP +Learn more from the following resources: -- **Automatic IP Address Assignment**: DHCP eliminates the need for manual IP address assignment by automatically providing devices with the necessary IP addresses, reducing the risk of duplicate addressing. -- **Network Configuration**: In addition to IP addresses, DHCP can also provide other essential network information such as subnet mask, default gateway, and DNS server information. -- **IP Address Reuse**: When a device leaves the network or no longer needs an IP address, DHCP allows the address to be reused and assigned to a different device. -- **Lease Duration**: DHCP assigns IP addresses for a specific period called a "lease." After a lease expires, the device must request a new IP address or get its current address renewed. 
- -## How DHCP Works - -The DHCP process consists of four main steps: - -- **DHCP Discover**: A device (client) looking to join a network sends a broadcast message known as a "DHCP Discover" message to locate a DHCP server. -- **DHCP Offer**: Upon receiving the "DHCP Discover" broadcast, the DHCP server responds with a unicast "DHCP Offer" message containing the necessary network configuration information (e.g., IP address) for the client. -- **DHCP Request**: The client receives the offer and sends back a "DHCP Request" message to confirm the IP address assignment and other network information. -- **DHCP Acknowledgment (ACK)**: Finally, the DHCP server sends an "ACK" message confirming the successful assignment of IP address and network settings. The client can now use the allocated IP address to communicate over the network. - -## Importance in Cyber Security - -Understanding DHCP is crucial for network professionals and cyber security experts as it can be a potential attack vector. Adversaries can exploit DHCP by setting up rogue DHCP servers on the network, conducting man-in-the-middle attacks or even conducting denial-of-service attacks. Consequently, securing DHCP servers, monitoring network traffic for anomalies, and employing strong authentication and authorization methods are essential practices for maintaining network security. \ No newline at end of file +- [@video@What is DHCP and how does it work?](https://www.youtube.com/watch?v=ldtUSSZJCGg) +- [@article@Dynamic Host Configuration Protocol (DHCP)](https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/diamond-model@AY-hoPGnAZSd1ExaYX8LR.md b/src/data/roadmaps/cyber-security/content/diamond-model@AY-hoPGnAZSd1ExaYX8LR.md index e69de29bb..12a791eb9 100644 --- a/src/data/roadmaps/cyber-security/content/diamond-model@AY-hoPGnAZSd1ExaYX8LR.md 
+++ b/src/data/roadmaps/cyber-security/content/diamond-model@AY-hoPGnAZSd1ExaYX8LR.md @@ -0,0 +1,8 @@ +# Diamond Model + +The Diamond Model is a cybersecurity framework used for analyzing and understanding cyber threats by breaking down an attack into four core components: Adversary, Infrastructure, Capability, and Victim. The Adversary represents the entity behind the attack, the Infrastructure refers to the systems and resources used by the attacker (such as command and control servers), the Capability denotes the tools or malware employed, and the Victim is the target of the attack. The model emphasizes the relationships between these components, helping analysts to identify patterns, track adversary behavior, and understand the broader context of cyber threats. By visualizing and connecting these elements, the Diamond Model aids in developing more effective detection, mitigation, and response strategies. + +Learn more from the following resources: + +- [@article@The Diamond Model: Simple Intelligence-Driven Intrusion Analysis](https://kravensecurity.com/diamond-model-analysis/) +- [@video@The Diamond Model for Intrusion Detection](https://www.youtube.com/watch?v=3AOKomsmeUY) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/different-versions-and-differences@yXOGqlufAZ69uiBzKFfh6.md b/src/data/roadmaps/cyber-security/content/different-versions-and-differences@yXOGqlufAZ69uiBzKFfh6.md index 6ce5895c4..d4d476e2d 100644 --- a/src/data/roadmaps/cyber-security/content/different-versions-and-differences@yXOGqlufAZ69uiBzKFfh6.md +++ b/src/data/roadmaps/cyber-security/content/different-versions-and-differences@yXOGqlufAZ69uiBzKFfh6.md 
@@ -22,4 +22,5 @@ When we talk about differences in the context of cybersecurity, they can refer t - **Threat Differences**: Various types of cyber threats exist (e.g., malware, phishing, denial-of-service attacks), and it is crucial to understand their differences in order to implement the most effective countermeasures. -To sum up, keeping up with different versions of software and understanding the differences between technologies and threats are vital steps in maintaining a strong cyber security posture. Always update your software to the latest version, and continuously educate yourself on emerging threats and technologies to stay one step ahead of potential cyber attacks. \ No newline at end of file +Learn more from the following resources: + diff --git a/src/data/roadmaps/cyber-security/content/dig@D2YYv1iTRGken75sHO0Gt.md b/src/data/roadmaps/cyber-security/content/dig@D2YYv1iTRGken75sHO0Gt.md index 68a3fcc57..ef43082f7 100644 --- a/src/data/roadmaps/cyber-security/content/dig@D2YYv1iTRGken75sHO0Gt.md +++ b/src/data/roadmaps/cyber-security/content/dig@D2YYv1iTRGken75sHO0Gt.md 
@@ -2,37 +2,7 @@ `dig`, short for the Domain Information Groper, is a powerful and flexible command-line tool used to perform DNS queries and obtain valuable information about domains, IPs, and DNS records. This utility, available on UNIX-based systems like Linux and macOS, provides an essential function to help diagnose and resolve various issues related to domain name resolution and network connectivity. It is highly useful for network administrators and cybersecurity professionals when troubleshooting DNS-related problems. -## Features +Learn more from the following resources: -- **DNS Querying**: `dig` can retrieve various types of DNS records such as A, AAAA, MX, NS, CNAME, and many others. -- **Flexibility**: With various command-line options, `dig` allows users to customize their queries easily. -- **User-friendly Formatting**: `dig` provides readable and straightforward responses, simplifying the interpretation of DNS records and related information. -- **Batch Mode**: The tool enables users to perform multiple DNS queries in a batch file, increasing efficiency. - -## Basic Usage - -Here's a basic example of how to use `dig` to perform a DNS query: - -``` -dig example.com -``` - -This command will return the A (IPv4) record for `example.com`. - -To perform a specific type of DNS query, such as fetching an AAAA (IPv6) record, use the following command: - -``` -dig example.com AAAA -``` - -## Common Options - -Some common options to use with `dig` include: - -- `+short`: Condenses the output, providing only essential information. -- `-t`: Specifies the type of DNS record to query (e.g., `A`, `AAAA`, `MX`, `NS`, etc.). -- `+tcp`: Forces `dig` to use TCP instead of the default UDP for the DNS query. - -## Conclusion - -In summary, `dig` is a valuable command-line tool for performing DNS queries and troubleshooting domain name resolution problems. Its power and flexibility make it an essential tool for any network administrator or cybersecurity professional. 
+- [@video@How to look up DNS records with dig](https://www.youtube.com/watch?v=3AOKomsmeUY) +- [@article@How to use Linux dig command](https://www.google.com/search?client=firefox-b-d&q=linux+dig+command) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/dig@XyaWZZ45axJMKXoWwsyFj.md b/src/data/roadmaps/cyber-security/content/dig@XyaWZZ45axJMKXoWwsyFj.md index 13b2f2e8e..ef43082f7 100644 --- a/src/data/roadmaps/cyber-security/content/dig@XyaWZZ45axJMKXoWwsyFj.md +++ b/src/data/roadmaps/cyber-security/content/dig@XyaWZZ45axJMKXoWwsyFj.md 
@@ -1,107 +1,8 @@ # dig -Dig, short for Domain Information Groper, is a command-line tool used to query Domain Name System (DNS) servers to obtain valuable information about DNS records. Dig is available on most Unix-based systems, including Linux and macOS, and can also be installed on Windows. +`dig`, short for the Domain Information Groper, is a powerful and flexible command-line tool used to perform DNS queries and obtain valuable information about domains, IPs, and DNS records. This utility, available on UNIX-based systems like Linux and macOS, provides an essential function to help diagnose and resolve various issues related to domain name resolution and network connectivity. It is highly useful for network administrators and cybersecurity professionals when troubleshooting DNS-related problems. -As part of your incident response toolkit, dig helps you to discover essential domain details such as domain's IP addresses, mail server details, name servers, and more. This can be crucial when tracking down a cyberattack or monitoring the DNS health of your own organization. +Learn more from the following resources: -## Installation - -For Linux and macOS systems, dig is usually pre-installed as part of the BIND (Berkeley Internet Name Domain) package. To check if dig is installed, execute the following command: - -``` -dig -v -``` - -If the command is not found, install it using your system's package manager: - -- For Debian-based systems (Debian, Ubuntu, etc.): - - ``` - sudo apt-get install dnsutils - ``` - -- For Red Hat-based systems (RHEL, CentOS, Fedora, etc.): - - ``` - sudo yum install bind-utils - ``` - -- For macOS: - - ``` - brew install bind - ``` - -- For Windows, download the BIND package from the [official website](https://www.isc.org/download/) and follow the installation instructions. 
- -## Basic Usage - -The basic syntax for using dig is: - -``` -dig [options] [name] [record type] -``` - -Where `options` can be various command-line flags, `name` is the domain name you want to query, and `record type` is the type of DNS record you want to fetch (e.g., A, MX, NS, TXT, etc.). - -Here are a few examples: - -- To query the IP addresses (A records) of example.com: - - ``` - dig example.com A - ``` - -- To query the mail servers (MX records) of example.com: - - ``` - dig example.com MX - ``` - -- To query the name servers (NS records) of example.com: - - ``` - dig example.com NS - ``` - -By default, dig queries your system's configured DNS servers, but you can also specify a custom DNS server as follows: - -``` -dig @8.8.8.8 example.com A -``` - -Where `8.8.8.8` is the IP address of the custom DNS server (e.g., Google's Public DNS). - -## Advanced Usage - -Dig offers a variety of options for specifying query behavior, controlling output, and troubleshooting DNS issues. - -- To display only the answer section of the response: - - ``` - dig example.com A +short - ``` - -- To control the number of retries and timeout: - - ``` - dig example.com A +tries=2 +time=1 - ``` - -- To query a specific DNSSEC (DNS Security Extensions) record: - - ``` - dig example.com DNSKEY - ``` - -- To show traceroute-like output for following the DNS delegation path: - - ``` - dig example.com A +trace - ``` - -For a comprehensive list of options, consult the [dig man page](https://manpages.debian.org/stretch/dnsutils/dig.1.en.html) and the [official BIND documentation](https://bind9.readthedocs.io/en/latest/reference.html#dig). - -## Conclusion - -Dig is a powerful and flexible tool for querying DNS information, making it an essential part of any cyber security professional's toolkit. Whether you're investigating a breach, monitoring domain health, or troubleshooting DNS issues, dig can help you discover critical information about domain names and their associated records. 
\ No newline at end of file +- [@video@How to look up DNS records with dig](https://www.youtube.com/watch?v=3AOKomsmeUY) +- [@article@How to use Linux dig command](https://www.google.com/search?client=firefox-b-d&q=linux+dig+command) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/dlp@iolsTC-63d_1wzKGul-cT.md b/src/data/roadmaps/cyber-security/content/dlp@iolsTC-63d_1wzKGul-cT.md index 2972fb9f1..23cf1237f 100644 --- a/src/data/roadmaps/cyber-security/content/dlp@iolsTC-63d_1wzKGul-cT.md +++ b/src/data/roadmaps/cyber-security/content/dlp@iolsTC-63d_1wzKGul-cT.md 
@@ -1,7 +1,7 @@ -# Data Loss Prevention (DLP) - -Data Loss Prevention (DLP) refers to a set of strategies, tools, and processes used by organizations to ensure that sensitive data is not lost, accessed, or misused by unauthorized users. DLP solutions monitor, detect, and block the movement of critical information outside an organization’s network, helping to prevent data breaches, leaks, and other security incidents. - -Visit the following resources to learn more: -- [@article@What is data loss prevention (DLP)?](https://www.techtarget.com/whatis/definition/data-loss-prevention-DLP) -- [@article@What is DLP (data loss prevention)?](https://www.cloudflare.com/es-es/learning/access-management/what-is-dlp/) +# Data Loss Prevention (DLP) + +Data Loss Prevention (DLP) refers to a set of strategies, tools, and processes used by organizations to ensure that sensitive data is not lost, accessed, or misused by unauthorized users. DLP solutions monitor, detect, and block the movement of critical information outside an organization’s network, helping to prevent data breaches, leaks, and other security incidents. + +Visit the following resources to learn more: +- [@article@What is data loss prevention (DLP)?](https://www.techtarget.com/whatis/definition/data-loss-prevention-DLP) +- [@article@What is DLP (data loss prevention)?](https://www.cloudflare.com/es-es/learning/access-management/what-is-dlp/) diff --git a/src/data/roadmaps/cyber-security/content/dmz@gfpvDQz61I3zTB7tGu7vp.md b/src/data/roadmaps/cyber-security/content/dmz@gfpvDQz61I3zTB7tGu7vp.md index f1b5556b2..433e4629d 100644 --- a/src/data/roadmaps/cyber-security/content/dmz@gfpvDQz61I3zTB7tGu7vp.md +++ b/src/data/roadmaps/cyber-security/content/dmz@gfpvDQz61I3zTB7tGu7vp.md 
@@ -2,21 +2,7 @@ A **DMZ**, also known as a **Demilitarized Zone**, is a specific part of a network that functions as a buffer or separation between an organization's internal, trusted network and the external, untrusted networks like the internet. The primary purpose of a DMZ is to isolate critical systems and data from the potentially hostile external environment and provide an extra layer of security. -## Purpose of DMZ +Learn more from the following resources: -- **Security**: By segregating critical systems, a DMZ reduces the risk of unauthorized access and potential damage from external threats. This is achieved by implementing strong access controls, firewalls, and intrusion detection and prevention systems (IDS/IPS) to monitor and filter traffic between the DMZ and internal networks. -- **Content Filtering**: It enables organizations to place publicly accessible servers (e.g., web and email servers) within the DMZ without exposing the entire internal network to potential attacks. This ensures that only authorized traffic is allowed to pass through. -- **Ease of Management**: DMZ aids in simplifying security management processes as it provides a centralized location for implementing, auditing, and monitoring security policies, rules, and configurations for public-facing resources. - -## Components of DMZ - -The key components in a DMZ include: - -- **Firewalls**: These devices are used to control and manage traffic between the DMZ, internal, and external networks. They can be configured to allow, deny, or restrict access based on pre-defined security policies and rules. -- **Proxies**: Proxy servers act as intermediaries between the internal network and the internet. They help to screen and filter incoming and outgoing web traffic, providing an additional layer of security. 
-- **Intrusion Detection and Prevention Systems (IDS/IPS)**: These tools continuously monitor and analyze network traffic, looking for signs of unauthorized access or malicious activities, and automatically take appropriate actions to mitigate threats. -- **Public-Facing Servers**: These are the servers hosted within the DMZ, designed to serve content and resources to external users. They are typically configured with additional security measures to further reduce the risk of compromise. - -As the author of this guide, I hope this brief summary about DMZ helps you enhance your understanding of cyber security terminologies and their importance in protecting organizations' networks and data. Keep reading for more insights! - -- [@video@What is DMZ? (Demilitarized Zone)](https://www.youtube.com/watch?v=dqlzQXo1wqo) \ No newline at end of file +- [@article@What is a DMZ network?](https://www.fortinet.com/resources/cyberglossary/what-is-dmz) +- [@video@DMZ explained](https://www.youtube.com/watch?v=48QZfBeU4ps) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/dns@ORIdKG8H97VkBUYpiDtXf.md b/src/data/roadmaps/cyber-security/content/dns@ORIdKG8H97VkBUYpiDtXf.md index 3c4b7cebe..2cdc9d0ff 100644 --- a/src/data/roadmaps/cyber-security/content/dns@ORIdKG8H97VkBUYpiDtXf.md +++ b/src/data/roadmaps/cyber-security/content/dns@ORIdKG8H97VkBUYpiDtXf.md 
@@ -1,27 +1,9 @@ -# DNS +# Domain Name System (DNS) -**DNS** is a key component in the internet infrastructure that translates human-friendly domain names (e.g., `www.example.com`) into IP addresses (e.g., `192.0.2.44`). This translation process enables us to easily connect to websites and other online resources without having to remember complex numeric IP addresses. +The Domain Name System (DNS) is a fundamental protocol of the internet that translates human-readable domain names, like `www.example.com`, into IP addresses, such as `192.0.2.1`, which are used by computers to locate and communicate with each other. Essentially, DNS acts as the internet's phonebook, enabling users to access websites and services without needing to memorize numerical IP addresses. When a user types a domain name into a browser, a DNS query is sent to a DNS server, which then resolves the domain into its corresponding IP address, allowing the browser to connect to the appropriate server. DNS is crucial for the functionality of the internet, as it underpins virtually all online activities by ensuring that requests are routed to the correct destinations. -The DNS operates as a distributed and hierarchical system which involves the following components: +Learn more from the following resources: -- **DNS Resolver**: Your device's initial contact point with the DNS infrastructure, often provided by your Internet Service Provider (ISP) or a third-party service like Google Public DNS. - -- **Root Servers**: The authoritative servers on the top of the DNS hierarchy that guide DNS queries to the appropriate Top-Level Domain (TLD) servers. - -- **TLD Servers**: These servers manage the allocation of domain names for top-level domains, such as `.com`, `.org`, etc. - -- **Authoritative Name Servers**: These are the servers responsible for storing the DNS records pertaining to a specific domain (e.g., `example.com`). 
- -Some common DNS record types you might encounter include: - -- **A (Address) Record**: Maps a domain name to an IPv4 address. -- **AAAA (Address) Record**: Maps a domain name to an IPv6 address. -- **CNAME (Canonical Name) Record**: Maps an alias domain name to a canonical domain name. -- **MX (Mail Exchange) Record**: Specifies the mail servers responsible for handling email for the domain. -- **TXT (Text) Record**: Contains human-readable or machine-readable text, often used for verification purposes or providing additional information about a domain. - -As an essential part of the internet, the security and integrity of the DNS infrastructure are crucial. However, it's vulnerable to various types of cyber attacks, such as DNS cache poisoning, Distributed Denial of Service (DDoS) attacks, and DNS hijacking. Proper DNS security measures, such as DNSSEC (DNS Security Extensions) and monitoring unusual DNS traffic patterns, can help mitigate risks associated with these attacks. - -- [@article@DNS in detail (TryHackMe)](https://tryhackme.com/room/dnsindetail) -- [@video@DNS Explained in 100 Seconds (YouTube)](https://www.youtube.com/watch?v=UVR9lhUGAyU) -- [@feed@Explore top posts about DNS](https://app.daily.dev/tags/dns?ref=roadmapsh) +- [@video@DNS Explained in 100 Seconds](https://www.youtube.com/watch?v=UVR9lhUGAyU) +- [@video@What is DNS?](https://www.youtube.com/watch?v=nyH0nYhMW9M) +- [@article@What is DNS?](https://www.cloudflare.com/en-gb/learning/dns/what-is-dns/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/dns@r1IKvhpwg2umazLGlQZL1.md b/src/data/roadmaps/cyber-security/content/dns@r1IKvhpwg2umazLGlQZL1.md index 3c4b7cebe..2cdc9d0ff 100644 --- a/src/data/roadmaps/cyber-security/content/dns@r1IKvhpwg2umazLGlQZL1.md +++ b/src/data/roadmaps/cyber-security/content/dns@r1IKvhpwg2umazLGlQZL1.md 
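Review bot: the replacement paragraph in this hunk drops the only security content the node had. The removed closing paragraph ("it's vulnerable to various types of cyber attacks, such as DNS cache poisoning, Distributed Denial of Service (DDoS) attacks, and DNS hijacking" plus the sentence on DNSSEC and monitoring unusual DNS traffic) is not carried over, so a cyber-security roadmap node on DNS now says nothing about DNS security; suggest keeping it after the new paragraph. The resolver / root / TLD / authoritative list is also worth keeping, at least as one sentence, because "a DNS query is sent to a DNS server, which then resolves the domain" hides the recursive walk through the hierarchy that cache poisoning and hijacking act on. The record-type bullets (A, AAAA, CNAME, MX, TXT) are short and useful; consider retaining them too.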
@@ -1,27 +1,9 @@ -# DNS +# Domain Name System (DNS) -**DNS** is a key component in the internet infrastructure that translates human-friendly domain names (e.g., `www.example.com`) into IP addresses (e.g., `192.0.2.44`). This translation process enables us to easily connect to websites and other online resources without having to remember complex numeric IP addresses. +The Domain Name System (DNS) is a fundamental protocol of the internet that translates human-readable domain names, like `www.example.com`, into IP addresses, such as `192.0.2.1`, which are used by computers to locate and communicate with each other. Essentially, DNS acts as the internet's phonebook, enabling users to access websites and services without needing to memorize numerical IP addresses. When a user types a domain name into a browser, a DNS query is sent to a DNS server, which then resolves the domain into its corresponding IP address, allowing the browser to connect to the appropriate server. DNS is crucial for the functionality of the internet, as it underpins virtually all online activities by ensuring that requests are routed to the correct destinations. -The DNS operates as a distributed and hierarchical system which involves the following components: +Learn more from the following resources: -- **DNS Resolver**: Your device's initial contact point with the DNS infrastructure, often provided by your Internet Service Provider (ISP) or a third-party service like Google Public DNS. - -- **Root Servers**: The authoritative servers on the top of the DNS hierarchy that guide DNS queries to the appropriate Top-Level Domain (TLD) servers. - -- **TLD Servers**: These servers manage the allocation of domain names for top-level domains, such as `.com`, `.org`, etc. - -- **Authoritative Name Servers**: These are the servers responsible for storing the DNS records pertaining to a specific domain (e.g., `example.com`). 
- -Some common DNS record types you might encounter include: - -- **A (Address) Record**: Maps a domain name to an IPv4 address. -- **AAAA (Address) Record**: Maps a domain name to an IPv6 address. -- **CNAME (Canonical Name) Record**: Maps an alias domain name to a canonical domain name. -- **MX (Mail Exchange) Record**: Specifies the mail servers responsible for handling email for the domain. -- **TXT (Text) Record**: Contains human-readable or machine-readable text, often used for verification purposes or providing additional information about a domain. - -As an essential part of the internet, the security and integrity of the DNS infrastructure are crucial. However, it's vulnerable to various types of cyber attacks, such as DNS cache poisoning, Distributed Denial of Service (DDoS) attacks, and DNS hijacking. Proper DNS security measures, such as DNSSEC (DNS Security Extensions) and monitoring unusual DNS traffic patterns, can help mitigate risks associated with these attacks. - -- [@article@DNS in detail (TryHackMe)](https://tryhackme.com/room/dnsindetail) -- [@video@DNS Explained in 100 Seconds (YouTube)](https://www.youtube.com/watch?v=UVR9lhUGAyU) -- [@feed@Explore top posts about DNS](https://app.daily.dev/tags/dns?ref=roadmapsh) +- [@video@DNS Explained in 100 Seconds](https://www.youtube.com/watch?v=UVR9lhUGAyU) +- [@video@What is DNS?](https://www.youtube.com/watch?v=nyH0nYhMW9M) +- [@article@What is DNS?](https://www.cloudflare.com/en-gb/learning/dns/what-is-dns/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/dnssec@LLGXONul7JfZGUahnK0AZ.md b/src/data/roadmaps/cyber-security/content/dnssec@LLGXONul7JfZGUahnK0AZ.md index b6890e777..7ac913f0a 100644 --- a/src/data/roadmaps/cyber-security/content/dnssec@LLGXONul7JfZGUahnK0AZ.md +++ b/src/data/roadmaps/cyber-security/content/dnssec@LLGXONul7JfZGUahnK0AZ.md 
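Review bot: this hunk is byte-for-byte the one applied to dns@ORIdKG8H97VkBUYpiDtXf.md (same index 3c4b7cebe..2cdc9d0ff, same +/- lines), so the same comment applies: keep the removed security paragraph (cache poisoning, DDoS, hijacking, DNSSEC and traffic monitoring) and a one-sentence version of the component list. Since the two files are identical, either fix both in the same commit or have one node reference the other; otherwise the copies will drift the next time one is edited.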
@@ -1,24 +1,8 @@ -# DNSSEC +# DNS Security Extensions (DNSSEC) -DNS Security Extensions (DNSSEC) is a protocol designed to address security vulnerabilities in the Domain Name System (DNS). Here are the key points: - -- **Digital Signatures:** -DNSSEC protects against attacks by digitally signing DNS data. These signatures ensure data validity and prevent tampering. - -- **Hierarchical Signing:** -DNSSEC signs data at every level of the DNS lookup process. For instance, when looking up ‘google.com,’ the root DNS server signs a key for the .COM nameserver, which then signs a key for google.com’s authoritative nameserver. - -- **Backwards Compatibility:** -DNSSEC doesn’t disrupt traditional DNS lookups; it adds security without breaking existing functionality. It complements other security measures like SSL/TLS. - -- **Chain of Trust:** -DNSSEC establishes a parent-child trust chain from the root zone down to specific domains. -Any compromise in this chain exposes requests to on-path attacks. +DNS Security Extensions (DNSSEC) is a suite of protocols designed to add a layer of security to the Domain Name System (DNS) by enabling DNS responses to be authenticated. While DNS itself resolves domain names into IP addresses, it does not inherently verify the authenticity of the responses, leaving it vulnerable to attacks like cache poisoning, where an attacker injects malicious data into a DNS resolver’s cache. DNSSEC addresses this by using digital signatures to ensure that the data received is exactly what was intended by the domain owner and has not been tampered with during transit. When a DNS resolver requests information, DNSSEC-enabled servers respond with both the requested data and a corresponding digital signature. The resolver can then verify this signature using a chain of trust, ensuring the integrity and authenticity of the DNS response. By protecting against forged DNS data, DNSSEC plays a critical role in enhancing the security of internet communications. 
Learn more from the following resources: -- [@article@DNSSEC: What Is It and Why Is It Important? - ICANN](https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en) -- [@article@How DNSSEC Works - Cloudflare](https://www.cloudflare.com/dns/dnssec/how-dnssec-works/) -- [@article@What is DNS security? - Cloudflare](https://www.cloudflare.com/learning/dns/dns-security/) -- [@video@What is DNSSEC? - IBM](https://www.youtube.com/watch?v=Fk2oejzgSVQ) -- [@video@(DNS) 101 Miniseries](https://www.youtube.com/playlist?list=PLTk5ZYSbd9MhMmOiPhfRJNW7bhxHo4q-K) +- [@article@How DNSSEC works](https://www.cloudflare.com/en-gb/dns/dnssec/how-dnssec-works/) +- [@video@What is DNSSEC?](https://www.youtube.com/watch?v=Fk2oejzgSVQ) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/dos-vs-ddos@IF5H0ZJ72XnqXti3jRWYF.md b/src/data/roadmaps/cyber-security/content/dos-vs-ddos@IF5H0ZJ72XnqXti3jRWYF.md index e69de29bb..effb381d5 100644 --- a/src/data/roadmaps/cyber-security/content/dos-vs-ddos@IF5H0ZJ72XnqXti3jRWYF.md +++ b/src/data/roadmaps/cyber-security/content/dos-vs-ddos@IF5H0ZJ72XnqXti3jRWYF.md 
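Review bot: two removed points deserve a place in the new paragraph. "Backwards Compatibility" (DNSSEC adds signatures without breaking plain DNS lookups and "complements other security measures like SSL/TLS") is what tells the reader that DNSSEC authenticates DNS data and does not encrypt the query, a distinction readers commonly get wrong. The root-to-domain direction of the chain from "Hierarchical Signing" and "Chain of Trust" is also lost: the new text only says "using a chain of trust" without saying where it is anchored or that "Any compromise in this chain exposes requests to on-path attacks". Wording: "a suite of protocols" is loose; the title itself says "Security Extensions", and that is what they are, new record types and signatures added to DNS rather than separate protocols.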
@@ -0,0 +1,9 @@ +# Denial of Service (DoS) vs Distributed Denial of Service (DDoS) + +Denial of Service (DoS) and Distributed Denial of Service (DDoS) are both types of cyber attacks aimed at disrupting the normal functioning of a targeted service, typically a website or network. A DoS attack involves a single source overwhelming a system with a flood of requests or malicious data, exhausting its resources and making it unavailable to legitimate users. In contrast, a DDoS attack amplifies this disruption by using multiple compromised devices, often forming a botnet, to launch a coordinated attack from numerous sources simultaneously. This distributed nature makes DDoS attacks more challenging to mitigate, as the traffic comes from many different locations, making it harder to identify and block the malicious traffic. Both types of attacks can cause significant downtime, financial loss, and reputational damage to the targeted organization. + +Learn more from the following resources: + +- [@video@What is Denial-of-Service attack?](https://www.youtube.com/watch?v=Z7xG3b0aL_I) +- [@video@What is a DDoS attack?](https://www.youtube.com/watch?v=z503nLsfe5s) +- [@article@DoS vs DDoS](https://www.fortinet.com/resources/cyberglossary/dos-vs-ddos) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/drive-by-attack@cO70zHvHgBAH29khF-hBW.md b/src/data/roadmaps/cyber-security/content/drive-by-attack@cO70zHvHgBAH29khF-hBW.md index 10585a349..1f633af19 100644 --- a/src/data/roadmaps/cyber-security/content/drive-by-attack@cO70zHvHgBAH29khF-hBW.md +++ b/src/data/roadmaps/cyber-security/content/drive-by-attack@cO70zHvHgBAH29khF-hBW.md @@ -5,3 +5,4 @@ Drive-by Attack is a type of cyberattack where malicious code is automatically d Visit the following resources to learn more: - [@article@What is a Drive-By Attack?](https://www.ericom.com/glossary/what-is-a-drive-by-attack/) +- [@video@Drive-By Download attack](https://www.youtube.com/watch?v=xL4DyblbnKg) 
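Review bot: style, in the fourth sentence of the new DoS vs DDoS paragraph: "makes DDoS attacks more challenging to mitigate, as the traffic comes from many different locations, making it harder to identify and block" chains two "makes/making" clauses; suggest "more challenging to mitigate: because the traffic arrives from many locations, malicious requests are harder to distinguish from legitimate ones and to block." In the DoS sentence, "a flood of requests or malicious data" is carrying the non-volumetric case (a single crafted request that crashes a service) without saying so; one explicit clause would make clear that DoS is defined by the outcome, unavailability, not by traffic volume.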
diff --git a/src/data/roadmaps/cyber-security/content/dropbox@9OastXVfiG1YRMm68ecnn.md b/src/data/roadmaps/cyber-security/content/dropbox@9OastXVfiG1YRMm68ecnn.md index 0555fa478..935ef8b95 100644 --- a/src/data/roadmaps/cyber-security/content/dropbox@9OastXVfiG1YRMm68ecnn.md +++ b/src/data/roadmaps/cyber-security/content/dropbox@9OastXVfiG1YRMm68ecnn.md 
@@ -2,41 +2,6 @@ Dropbox is a widely used cloud storage service that allows you to store, access, and share files, documents, and media with ease across various devices. Launched in 2007, Dropbox has become one of the most popular cloud storage solutions, catering to both individual users and businesses. The service is available on multiple platforms, including Windows, macOS, Linux, iOS, and Android. -## Key features +Learn more from the following resources: -- **File synchronization**: Sync the same files across all your devices and have instant access to updated files from anywhere. -- **File sharing**: Easily share files or folders by sending a link or inviting other users to a shared folder. -- **Collaboration**: Dropbox allows real-time collaboration on documents with multiple users using integrations with other tools like Google Workspace and Microsoft Office 365. -- **Version history**: Retrieve previous versions of a file for up to 30 days, allowing you to recover deleted files or reverse changes. - -## Plans and pricing - -Dropbox offers various plans for individual users and businesses with different storage capacities and features: - -- **Basic**: Free plan with 2 GB storage and core features like file synchronization and sharing. -- **Plus**: Priced at $9.99/month for 2 TB storage, additional features like Smart Sync, remote device wipe, and a longer (30-day) version history. -- **Professional**: Priced at $19.99/month for 3 TB storage and added features like advanced sharing controls and full-text search. -- **Business plans**: Starting from $12.50/user/month for a minimum of 3 users, with 5 TB storage per user, priority support, and additional file controls. - -## Security and privacy - -Dropbox takes security and privacy seriously, with features like: - -- **Encryption**: Files are encrypted both when they are stored on Dropbox servers and during transmission (using SSL/TLS). 
-- **Two-factor authentication**: You can enable two-factor authentication (2FA) to add an extra layer of security to your account. -- **Selective sync**: Choose which files and folders to sync on each device, allowing you to keep sensitive data off certain computers or devices. -- **GDPR compliance**: Dropbox is compliant with the General Data Protection Regulation (GDPR), which ensures better data protection and privacy for users. - -## Drawbacks - -There are a few downsides to using Dropbox as your cloud storage solution: - -- Limited storage on the free plan. -- The need for a third-party app to encrypt files before uploading to add an extra layer of security. -- Other alternatives offer additional features like built-in document editing. - -## Conclusion - -Dropbox is a simple and user-friendly cloud storage service that offers seamless integration with various platforms and efficient file sharing options. While its free plan may be limited compared to other alternatives, the ease of use and robust feature set make it a popular choice for both personal and professional use. - -- [@official@Dropbox](https://www.dropbox.com/) +- [@official@Dropbox Website](https://dropbox.com) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/dumpster-diving@Iu0Qtk13RjrhHpSlm0uyh.md b/src/data/roadmaps/cyber-security/content/dumpster-diving@Iu0Qtk13RjrhHpSlm0uyh.md index b73b32b9e..d3223c981 100644 --- a/src/data/roadmaps/cyber-security/content/dumpster-diving@Iu0Qtk13RjrhHpSlm0uyh.md +++ b/src/data/roadmaps/cyber-security/content/dumpster-diving@Iu0Qtk13RjrhHpSlm0uyh.md @@ -5,3 +5,4 @@ Dumpster Diving in the context of cybersecurity refers to the practice of search Visit the following resources to learn more: - [@article@What is Dumpster Diving](https://powerdmarc.com/dumpster-diving-in-cybersecurity/) +- [@video@Dumpster diving for sensitive information](https://www.youtube.com/watch?v=Pom86gq4mk4) \ No newline at end of file 
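Review bot: the removed "Security and privacy" section was the only part of this node that justified its place in a cyber-security roadmap, and the replacement keeps just the product description and a link. Suggest retaining those four bullets (encryption at rest and in transit, two-factor authentication, selective sync to keep sensitive data off certain devices, GDPR compliance) together with the "Drawbacks" point that files are not encrypted client-side without a third-party app, since that is the caveat a security reader needs before putting sensitive data in the service. Dropping "Plans and pricing" is right; prices go stale. If the encryption bullet comes back, "TLS" is the current name for what it calls "SSL/TLS".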
diff --git a/src/data/roadmaps/cyber-security/content/eap-vs-peap@1jwtExZzR9ABKvD_S9zFG.md b/src/data/roadmaps/cyber-security/content/eap-vs-peap@1jwtExZzR9ABKvD_S9zFG.md index e69de29bb..2e76146b4 100644 --- a/src/data/roadmaps/cyber-security/content/eap-vs-peap@1jwtExZzR9ABKvD_S9zFG.md +++ b/src/data/roadmaps/cyber-security/content/eap-vs-peap@1jwtExZzR9ABKvD_S9zFG.md 
@@ -0,0 +1,10 @@ +# Extensible Authentication Protocol (EAP) vs Protected Extensible Authentication Protocol (PEAP) + +EAP and PEAP are both authentication frameworks used in wireless networks and Point-to-Point connections to provide secure access. EAP is a flexible authentication framework that supports multiple authentication methods, such as token cards, certificates, and passwords, allowing for diverse implementations in network security. However, EAP by itself does not provide encryption, leaving the authentication process potentially vulnerable to attacks. + +PEAP, on the other hand, is a version of EAP designed to enhance security by encapsulating the EAP communication within a secure TLS (Transport Layer Security) tunnel. This tunnel protects the authentication process from eavesdropping and man-in-the-middle attacks. PEAP requires a server-side certificate to establish the TLS tunnel, but it does not require client-side certificates, making it easier to deploy while still ensuring secure transmission of credentials. PEAP is widely used in wireless networks to provide a secure authentication mechanism that protects user credentials during the authentication process. + +Learn more from the following resources: + +- [@article@Extensible Authentication Protocol (EAP) for network access](https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/network-access?tabs=eap-tls%2Cserveruserprompt-eap-tls%2Ceap-sim) +- [@article@What is Protected Extensible Authentication Protocol (PEAP)](https://www.techtarget.com/searchsecurity/definition/PEAP-Protected-Extensible-Authentication-Protocol) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/edr@QvHWrmMzO8IvNQ234E_wf.md b/src/data/roadmaps/cyber-security/content/edr@QvHWrmMzO8IvNQ234E_wf.md index 6a12cdef3..683d5d2f6 100644 --- a/src/data/roadmaps/cyber-security/content/edr@QvHWrmMzO8IvNQ234E_wf.md 
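Review bot: the second paragraph calls PEAP "a version of EAP", which sits badly with the first paragraph's correct description of EAP as a framework that "supports multiple authentication methods"; PEAP is one such EAP method, and the paragraph already describes what it does ("encapsulating the EAP communication within a secure TLS tunnel"). Suggest "PEAP is an EAP method that wraps an inner EAP exchange in a TLS tunnel". Also, "PEAP requires a server-side certificate to establish the TLS tunnel" should add that the eavesdropping and man-in-the-middle protection promised in the previous sentence only holds when the client validates that certificate (issuing CA and server name); a client configured to accept any certificate still gets a tunnel but gains none of that protection. Nit: "Point-to-Point connections" mid-sentence should be lowercase unless it is naming PPP.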
+++ b/src/data/roadmaps/cyber-security/content/edr@QvHWrmMzO8IvNQ234E_wf.md @@ -5,3 +5,4 @@ Endpoint Detection and Response (EDR) is a cybersecurity technology that provide Learn more from the following resources: - [@video@What is Endpoint Detection and Response (EDR)? - IBM](https://www.youtube.com/watch?v=55GaIolVVqI) +- [@article@What is Endpoint Detection and Response?](https://www.crowdstrike.com/cybersecurity-101/endpoint-security/endpoint-detection-and-response-edr/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/endpoint-security@LEgJtu1GZKOtoAXyOGWLE.md b/src/data/roadmaps/cyber-security/content/endpoint-security@LEgJtu1GZKOtoAXyOGWLE.md index 9cfeeb21d..a28e64011 100644 --- a/src/data/roadmaps/cyber-security/content/endpoint-security@LEgJtu1GZKOtoAXyOGWLE.md +++ b/src/data/roadmaps/cyber-security/content/endpoint-security@LEgJtu1GZKOtoAXyOGWLE.md 
@@ -1,33 +1,8 @@ # Endpoint Security -Endpoint security refers to the practice of protecting individual devices, or "endpoints", that connect to your organization's network from potential cyber threats. These devices include desktop computers, laptops, smartphones, tablets, and servers. With the increase in remote working and the widespread use of personal devices in the workplace, endpoint security has become a critical aspect of a strong cybersecurity strategy. - -## Why is Endpoint Security Important? - -Endpoint devices serve as potential entry points for cybercriminals to access sensitive data and launch attacks against your organization's network. By securing these devices, you can prevent unauthorized access, reduce the risk of data breaches, and maintain the integrity of your network. - -## Key Components of Endpoint Security - -To effectively secure your endpoints, consider implementing the following measures: - -- **Antivirus and Malware Protection**: Make sure every endpoint device has up-to-date antivirus and anti-malware software installed. This will help to detect and remove malicious files, preventing them from causing harm to your network. - -- **Patch Management**: Stay up to date with the latest security patches for your operating systems and third-party applications. Regularly updating your software can help protect against vulnerabilities that cybercriminals may exploit. - -- **Device Management**: Implement a centralized device management solution that allows administrators to monitor, manage, and secure endpoints. This includes enforcing security policies, tracking device inventory, and remote wiping lost or stolen devices. - -- **Access Control**: Limit access to sensitive data by implementing a strict access control policy. Only grant necessary permissions to those who require it, and use authentication methods such as multi-factor authentication (MFA) to verify the identity of users. 
- -- **Encryption**: Encrypt sensitive data stored on endpoint devices to prevent unauthorized access to the data in case of device theft or loss. - -- **Firewall and Intrusion Prevention**: Deploy firewall and intrusion prevention systems to block external threats and alert administrators of potential attacks. - -- **User Training**: Educate users about the importance of endpoint security and the best practices for maintaining it. This includes topics like creating strong passwords, avoiding phishing scams, and following safe browsing practices. - -By taking a comprehensive approach to endpoint security, you can protect your organization's network and sensitive data from the growing threat of cyberattacks. +Endpoint security focuses on protecting individual devices that connect to a network, such as computers, smartphones, tablets, and IoT devices. It's a critical component of modern cybersecurity strategy, as endpoints often serve as entry points for cyberattacks. This approach involves deploying and managing security software on each device, including antivirus programs, firewalls, and intrusion detection systems. Advanced endpoint protection solutions may incorporate machine learning and behavioral analysis to detect and respond to novel threats. Endpoint security also encompasses patch management, device encryption, and access controls to mitigate risks associated with lost or stolen devices. As remote work and bring-your-own-device (BYOD) policies become more prevalent, endpoint security has evolved to include cloud-based management and zero-trust architectures, ensuring that security extends beyond the traditional network perimeter to protect data and systems regardless of device location or ownership. 
Learn more from the following resources: -- [@video@Endpoint Security](https://youtu.be/5d7PCDm_MXs?si=RX3sAdNPLG0tJOaR&t=11) -- [@course@Manage endpoint security - Microsoft Learn](https://learn.microsoft.com/en-us/training/paths/manage-endpoint-security/) - +- [@article@What is Endpoint Security?](https://www.crowdstrike.com/cybersecurity-101/endpoint-security/) +- [@video@Endpoints are the IT frontdoor - Gaurd them!](https://www.youtube.com/watch?v=Njqid_JpqTs) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/eradication@N17xAIo7sgbB0nrIDMWju.md b/src/data/roadmaps/cyber-security/content/eradication@N17xAIo7sgbB0nrIDMWju.md index cfcb5266d..f378de4af 100644 --- a/src/data/roadmaps/cyber-security/content/eradication@N17xAIo7sgbB0nrIDMWju.md +++ b/src/data/roadmaps/cyber-security/content/eradication@N17xAIo7sgbB0nrIDMWju.md 
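Review bot: typo in the added resource title "Endpoints are the IT frontdoor - Gaurd them!": "Guard" and "front door" (check against the video's actual title, but "Gaurd" is wrong in any case). Content: the removed "User Training" component has no counterpart in the new paragraph, which covers antivirus, firewalls, intrusion detection, patch management, encryption, access controls, cloud management and zero trust but nothing about the user; one clause on awareness (phishing, safe browsing, strong passwords) would make the list complete again.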
@@ -1,21 +1,8 @@ # Eradication -Eradication is a crucial step in the incident response process where the primary goal is to eliminate any malicious activity from the infected system(s) and halt the attacker's foothold in the network. This step usually follows the detailed analysis and identification of the nature and scope of the incident. Below are some key aspects of the eradication process: +Eradication in cybersecurity refers to the critical phase of incident response that follows containment, focusing on completely removing the threat from the affected systems. This process involves thoroughly identifying and eliminating all components of the attack, including malware, backdoors, and any alterations made to the system. Security teams meticulously analyze logs, conduct forensic examinations, and use specialized tools to ensure no traces of the threat remain. Eradication may require reimaging compromised systems, patching vulnerabilities, updating software, and resetting compromised credentials. It's a complex and often time-consuming process that demands precision to prevent reinfection or lingering security gaps. Successful eradication is crucial for restoring system integrity and preventing future incidents based on the same attack vector. After eradication, organizations typically move to the recovery phase, rebuilding and strengthening their systems with lessons learned from the incident. -## Delete Malware & Vulnerability Patching +Learn more from the following resources: -Once the incident has been identified and understood, teams must remove any malicious software, including viruses, worms, and Trojans from the affected systems. Simultaneously, patch any vulnerabilities that were exploited to ensure the effectiveness of the eradication process. - -## Enhance Security Measures - -After vulnerabilities have been patched, it's essential to boost the organization's security posture. 
This may involve updating and strengthening passwords, tightening access controls, or employing advanced security mechanisms like multi-factor authentication (MFA). - -## System Restoration - -In some cases, it may be necessary to restore compromised systems from known backups or clean images to eliminate any lingering threats. Before restoring, verify the integrity and safety of the backups and ensure the security vulnerability is patched to avoid reinfection. - -## Retain Evidentiary Data - -Be sure to retain any critical artifacts, logs, and other evidence associated with the incident. This information may be needed later for legal or insurance purposes, audit requirements, or continuous improvement of the organization's incident response capabilities. - -Remember that each incident is unique, and the eradication strategy must be customized according to the given incident's specifics. Proper documentation and communication should be maintained throughout the process to ensure smooth execution and avoid overlooking critical aspects. After eradication has been completed, it is essential to move forward and strengthen the overall cybersecurity posture to prevent future incidents. +- [@article@Eradication - AWS](https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/eradication.html) +- [@article@What is eradication in Cybersecurity?](https://heimdalsecurity.com/blog/what-is-eradication-in-cybersecurity/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/esxi@BisNooct1vJDKaBKsGR7_.md b/src/data/roadmaps/cyber-security/content/esxi@BisNooct1vJDKaBKsGR7_.md index d4a3458d9..de4466dcb 100644 --- a/src/data/roadmaps/cyber-security/content/esxi@BisNooct1vJDKaBKsGR7_.md +++ b/src/data/roadmaps/cyber-security/content/esxi@BisNooct1vJDKaBKsGR7_.md 
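Review bot: the removed "Retain Evidentiary Data" point is missing from the new paragraph, and it matters here because the new text recommends "reimaging compromised systems", which destroys exactly that evidence. Suggest one sentence stating that artifacts, logs and disk or memory images are preserved before reimaging or resetting credentials, both for the legal, insurance and audit needs the old text listed and so the forensic examination the new text describes can be repeated later. Placing eradication between containment and recovery, as the new first and last sentences do, is clearer than the old "follows the detailed analysis" wording.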
@@ -2,20 +2,7 @@ VMware ESXi is a Type 1 hypervisor and the core building block for VMware's virtualization technology. It represents a bare-metal hypervisor, which means it is installed directly onto your physical server's hardware, without the need for a supporting operating system. This results in elevated performance, reduced overhead, and efficient resource allocation. -Key features and benefits of ESXi include: +Learn more from the following resources: -- **Bare-metal performance**: ESXi can provide better performance by executing directly on the hardware, without the need for an additional operating system layer. - -- **Security**: ESXi has a smaller footprint and is more resistant to attacks due to its limited scope and stringent VMware policies. - -- **Resource allocation**: ESXi allows for efficient allocation of resources, such as memory and CPU time, as it directly controls hardware. - -- **Scalability**: ESXi provides a simple and efficient environment to run multiple virtual machines (VMs) on a single server, which can reduce the need for additional hardware. - -- **Centralized management**: VMware offers vSphere, a centralized management platform that integrates seamlessly with ESXi, making it easy to deploy, manage, and maintain large-scale virtual infrastructure. - -- **Compatibility**: ESXi is compatible with a wide variety of hardware, which makes deployment and implementation more flexible and cost-effective. - -To get started with ESXi, you'll need to have compatible hardware and download the ESXi ISO from VMware's website. After installing it on your server, you can manage the virtual machines through VMware vSphere Client or other third-party tools. For more advanced management features, such as high availability, fault tolerance, and distributed resource scheduling, consider investing in VMware vSphere to fully leverage ESXi's potential. 
- -In summary, VMware's ESXi enables organizations to create, run, and manage multiple virtual machines on a single physical server. With its bare-metal performance, robust security, and seamless integration with management tools, ESXi is a powerful solution for businesses looking to optimize their IT infrastructure through virtualization technologies. +- [@official@What is ESXi?](https://www.vmware.com/products/cloud-infrastructure/esxi-and-esx) +- [@article@What is VMWare ESXi?](https://www.liquidweb.com/blog/what-is-vmware-esxi/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/event-logs@KbFwL--xF-eYjGy8PZdrM.md b/src/data/roadmaps/cyber-security/content/event-logs@KbFwL--xF-eYjGy8PZdrM.md index e69de29bb..55a99a41b 100644 --- a/src/data/roadmaps/cyber-security/content/event-logs@KbFwL--xF-eYjGy8PZdrM.md +++ b/src/data/roadmaps/cyber-security/content/event-logs@KbFwL--xF-eYjGy8PZdrM.md 
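Review bot: the removed "Security" bullet (small footprint, limited scope) was the only security-relevant statement in this node and the replacement keeps none of it; suggest one sentence noting that the bare-metal design, which the retained paragraph already describes, means a smaller attack surface than a hosted hypervisor, since that is why ESXi belongs on this roadmap at all. Nit: the second added link title writes "VMWare"; the product name is "VMware", as the body and the first link have it.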
@@ -0,0 +1,8 @@ +# Event Logs + +Event logs are digital records that document activities and occurrences within computer systems and networks. They serve as a crucial resource for cybersecurity professionals, providing a chronological trail of system operations, user actions, and security-related events. These logs capture a wide range of information, including login attempts, file access, system changes, and application errors. In the context of security, event logs play a vital role in threat detection, incident response, and forensic analysis. They help identify unusual patterns, track potential security breaches, and reconstruct the sequence of events during an attack. Effective log management involves collecting logs from various sources, securely storing them, and implementing tools for log analysis and correlation. However, the sheer volume of log data can be challenging to manage, requiring advanced analytics and automation to extract meaningful insights and detect security incidents in real-time. + +Learn more from the following resources: + +- [@article@What is an event log?](https://www.crowdstrike.com/cybersecurity-101/observability/event-log/) +- [@article@What are event logs and why do they matter?](https://www.blumira.com/blog/what-are-event-logs-and-why-do-they-matter) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/evil-twin@O1fY2n40yjZtJUEeoItKr.md b/src/data/roadmaps/cyber-security/content/evil-twin@O1fY2n40yjZtJUEeoItKr.md index 61de1ad1f..6f4b6da0c 100644 --- a/src/data/roadmaps/cyber-security/content/evil-twin@O1fY2n40yjZtJUEeoItKr.md +++ b/src/data/roadmaps/cyber-security/content/evil-twin@O1fY2n40yjZtJUEeoItKr.md 
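Review bot: style, last sentence of the new Event Logs paragraph: "in real-time" as an adverbial should be "in real time" (the hyphen belongs only to the adjective, as in "real-time detection"). The sentence "Effective log management involves collecting logs from various sources, securely storing them" should say what "securely" means here: logs are the record an intruder has the strongest incentive to alter, so forwarding them off the host they describe and keeping the store append-only is the practical content of that word, and it is what makes the forensic reconstruction mentioned earlier trustworthy.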
@@ -2,20 +2,7 @@ An Evil Twin is a type of wireless network attack where an attacker sets up a rogue Wi-Fi access point that mimics a legitimate Wi-Fi network. The rogue access point has the same SSID (network name) as the legitimate network, making it difficult for users to distinguish between the two. The attacker's goal is to trick users into connecting to the rogue access point, allowing them to intercept sensitive information, inject malware, or launch other types of attacks. -## Types of Evil Twin Attacks +Learn more from the following resources: -- **Captive Portal Attack:** The most common evil twin attack scenario is an attack using Captive Portals, this is a common scenario where an attacker creates a fake captive portal that mimics the legitimate network's login page. -The goal is to trick users into entering their credentials, which the attacker can then use to gain access to the network. -- **Man-in-the-Middle (MitM) Attack:** In this scenario, the attacker intercepts communication between the user's device and the legitimate network. The attacker can then inject malware, steal sensitive information, or modify data in real-time. -- **SSL Stripping Attack:** The attacker downgrades the user's connection from HTTPS to HTTP, allowing them to intercept sensitive information, such as login credentials or credit card numbers. -- **Malware Injection:** The attacker injects malware into the user's device, which can then spread to other devices on the network. - -## How Evil Twin Attacks are Carried Out - -- **Rogue Access Point:** The attacker sets up a rogue access point with the same SSID as the legitimate network. This can be done using a laptop, a portable Wi-Fi router, or even a compromised device on the network. -- **Wi-Fi Scanning:** The attacker uses specialized software to scan for nearby Wi-Fi networks and identify potential targets. 
-- **Network Sniffing:** The attacker uses network sniffing tools to capture and analyze network traffic, allowing them to identify vulnerabilities and intercept sensitive information. - -Visit the following resources to learn more: - -- [@website@Common tool - airgeddon](https://www.kali.org/tools/airgeddon/) +- [@article@What is an Evil Twin attack?](https://www.techtarget.com/searchsecurity/definition/evil-twin) +- [@video@How Hackers Can Grab Your Passwords Over Wi-Fi with Evil Twin Attacks](https://www.youtube.com/watch?v=HyxQqDq3qs4) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/false-negative--false-positive@XwRCZf-yHJsXVjaRfb3R4.md b/src/data/roadmaps/cyber-security/content/false-negative--false-positive@XwRCZf-yHJsXVjaRfb3R4.md index 0718b93f6..3104cb163 100644 --- a/src/data/roadmaps/cyber-security/content/false-negative--false-positive@XwRCZf-yHJsXVjaRfb3R4.md +++ b/src/data/roadmaps/cyber-security/content/false-negative--false-positive@XwRCZf-yHJsXVjaRfb3R4.md 
@@ -4,4 +4,9 @@ A false positive happens when the security tool mistakenly identifies a non-thre A false negative occurs when the security tool fails to detect an actual threat or attack. This could result in a real attack going unnoticed, causing damage to the system, data breaches, or other negative consequences. A high number of false negatives indicate that the security system needs to be improved to capture real threats effectively. -To have an effective cybersecurity system, security professionals aim to maximize true positives and true negatives, while minimizing false positives and false negatives. Balancing these aspects ensures that the security tools maintain their effectiveness without causing undue disruptions to a user's experience. \ No newline at end of file +To have an effective cybersecurity system, security professionals aim to maximize true positives and true negatives, while minimizing false positives and false negatives. Balancing these aspects ensures that the security tools maintain their effectiveness without causing undue disruptions to a user's experience. + +Learn more from the following resources: + +- [@video@What is a false positive virus?](https://www.youtube.com/watch?v=WrcAGBvIT14) +- [@video@False positives and false negatives](https://www.youtube.com/watch?v=bUNBzMnfHLw) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/firewall--nextgen-firewall@tWDo5R3KU5KOjDdtv801x.md b/src/data/roadmaps/cyber-security/content/firewall--nextgen-firewall@tWDo5R3KU5KOjDdtv801x.md index e69de29bb..33b45b658 100644 --- a/src/data/roadmaps/cyber-security/content/firewall--nextgen-firewall@tWDo5R3KU5KOjDdtv801x.md +++ b/src/data/roadmaps/cyber-security/content/firewall--nextgen-firewall@tWDo5R3KU5KOjDdtv801x.md 
@@ -0,0 +1,10 @@ +# Firewalls & Next-Generation Firewalls + +Firewalls are network security devices that monitor and control incoming and outgoing traffic based on predetermined security rules. Traditional firewalls operate at the network layer, filtering traffic based on IP addresses, ports, and protocols. They provide basic protection by creating a barrier between trusted internal networks and untrusted external networks. + +Next-generation firewalls (NGFWs) build upon this foundation, offering more advanced features to address modern cyber threats. NGFWs incorporate deep packet inspection, application-level filtering, and integrated intrusion prevention systems. They can identify and control applications regardless of port or protocol, enabling more granular security policies. NGFWs often include additional security functions such as SSL/TLS inspection, antivirus scanning, and threat intelligence integration. This evolution allows for more comprehensive network protection, better visibility into network traffic, and improved defense against sophisticated attacks in today's complex and dynamic threat landscape. + +Learn more from the following resources: + +- [@article@What is a firewall?](https://www.kaspersky.com/resource-center/definitions/firewall) +- [@article@What is a next-generation firewall (NGFW)?](https://www.cloudflare.com/en-gb/learning/security/what-is-next-generation-firewall-ngfw/) diff --git a/src/data/roadmaps/cyber-security/content/firewall-logs@np0PwKy-EvIa_f_LC6Eem.md b/src/data/roadmaps/cyber-security/content/firewall-logs@np0PwKy-EvIa_f_LC6Eem.md index e69de29bb..6b3b158dd 100644 --- a/src/data/roadmaps/cyber-security/content/firewall-logs@np0PwKy-EvIa_f_LC6Eem.md +++ b/src/data/roadmaps/cyber-security/content/firewall-logs@np0PwKy-EvIa_f_LC6Eem.md 
@@ -0,0 +1,8 @@ +# Firewall Logs + +Firewall logs are detailed records of network traffic and security events captured by firewall devices. These logs provide crucial information about connection attempts, allowed and blocked traffic, and potential security incidents. They typically include data such as source and destination IP addresses, ports, protocols, timestamps, and the action taken by the firewall. Security professionals analyze these logs to monitor network activity, detect unusual patterns, investigate security breaches, and ensure policy compliance. Firewall logs are essential for troubleshooting network issues, optimizing security rules, and conducting forensic analysis after an incident. However, the volume of log data generated can be overwhelming, necessitating the use of log management tools and security information and event management (SIEM) systems to effectively process, correlate, and derive actionable insights from the logs. Regular review and analysis of firewall logs are critical practices in maintaining a robust security posture and responding promptly to potential threats. + +Learn more from the following resources: + +- [@article@What is firewall logging and why is it important?](https://cybriant.com/what-is-firewall-logging-and-why-is-it-important/) +- [@video@Reviewing firewall logs](https://www.youtube.com/watch?v=XiJ30f8V_T4) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/ftk-imager@_jJhL1RtaqHJmlcWrd-Ak.md b/src/data/roadmaps/cyber-security/content/ftk-imager@_jJhL1RtaqHJmlcWrd-Ak.md index ccdbd7983..c12f7218b 100644 --- a/src/data/roadmaps/cyber-security/content/ftk-imager@_jJhL1RtaqHJmlcWrd-Ak.md +++ b/src/data/roadmaps/cyber-security/content/ftk-imager@_jJhL1RtaqHJmlcWrd-Ak.md 
@@ -1,26 +1,8 @@ # FTK Imager -[FTK Imager](https://accessdata.com/product-download/digital-forensics/ftk-imager-version-3.1.1) is a popular and widely used free imaging tool developed by AccessData. It allows forensic analysts and IT professionals to create forensic images of digital devices and storage media. It is ideal for incident response and discovery as it helps in preserving and investigating digital evidence that is crucial for handling cyber security incidents. +FTK Imager is a popular and widely used free imaging tool developed by AccessData. It allows forensic analysts and IT professionals to create forensic images of digital devices and storage media. It is ideal for incident response and discovery as it helps in preserving and investigating digital evidence that is crucial for handling cyber security incidents. -FTK Imager provides users with a variety of essential features, such as: +Learn more from the following resources: -- **Creating forensic images**: FTK Imager can create a forensically sound image of a computer's disk or other storage device in various formats, including raw (dd), E01, and AFF formats. - -- **Previewing data**: It allows analysts to preview data stored on any imaging source, such as a hard drive, even before creating a forensic image so that they can determine if the source's data is relevant to the investigation. - -- **Acquiring live data**: FTK Imager can help capture memory (RAM) of a live system for further investigation, allowing you to analyze system information such as running processes, network connections, and file handles. - -- **Examining file systems**: It offers the ability to browse and examine file systems, identify file types, view, and export files and directories without needing to mount the disk image. 
- -- **Hashing support**: FTK Imager supports hashing files and capturing evident files, ensuring the integrity of data and confirming that the original data has not been tampered with during investigation and analysis. - -- **Mounting images**: Users can mount forensic images, enabling them to view and analyze disk images using various third-party tools. - -To use FTK Imager effectively in incident response: - -- Download and install FTK Imager from the [official website](https://accessdata.com/product-download/digital-forensics/ftk-imager-version-3.1.1). -- Launch FTK Imager to create forensic images of digital devices or storage media by following the [user guide](https://ad-pdf.s3.amazonaws.com/Imager%20Lite%204_2%20Users%20Guide.pdf) and best practices. -- Preview, examine, and export data as needed for further investigation and analysis. -- Use FTK Imager along with other forensic tools and techniques to perform comprehensive digital investigations during incident response and discovery scenarios. - -In summary, FTK Imager is a versatile tool that plays a critical role in incident response and discovery efforts by providing secure and forensically sound digital imaging capabilities, enabling investigators to preserve, analyze, and present digital evidence for successful cyber security investigations. \ No newline at end of file +- [@official@Create Forensic Images with Exterro FTK Imager](https://www.exterro.com/digital-forensics-software/ftk-imager) +- [@video@Imaging a Directory Using FTK Imager](https://www.youtube.com/watch?v=trWDlPif84o) diff --git a/src/data/roadmaps/cyber-security/content/ftp-vs-sftp@9Z6HPHPj4escSVDWftFEx.md b/src/data/roadmaps/cyber-security/content/ftp-vs-sftp@9Z6HPHPj4escSVDWftFEx.md index e69de29bb..3681ab578 100644 --- a/src/data/roadmaps/cyber-security/content/ftp-vs-sftp@9Z6HPHPj4escSVDWftFEx.md +++ b/src/data/roadmaps/cyber-security/content/ftp-vs-sftp@9Z6HPHPj4escSVDWftFEx.md 
@@ -0,0 +1,8 @@ +# File Transfer Protocol (FTP) vs Secure File Transfer Protol (SFTP) + +File Transfer Protocol (FTP) and Secure File Transfer Protocol (SFTP) are both used for transferring files over networks, but they differ significantly in terms of security. FTP is an older protocol that transmits data in plain text, making it vulnerable to interception and unauthorized access. It typically uses separate connections for commands and data transfer, operating on ports 20 and 21. SFTP, on the other hand, is a secure version that runs over the SSH protocol, encrypting both authentication credentials and file transfers. It uses a single connection on port 22, providing better firewall compatibility. SFTP offers stronger authentication methods and integrity checking, making it the preferred choice for secure file transfers in modern networks. While FTP is simpler and may be faster in some scenarios, its lack of built-in encryption makes it unsuitable for transmitting sensitive information, leading many organizations to adopt SFTP or other secure alternatives to protect their data during transit. + +Learn more from the following resources: + +- [@article@FTP defined and explained](https://www.fortinet.com/resources/cyberglossary/file-transfer-protocol-ftp-meaning) +- [@video@How to use SFTP commands](https://www.youtube.com/watch?v=22lBJIfO9qQ) diff --git a/src/data/roadmaps/cyber-security/content/ftp@ftYYMxRpVer-jgSswHLNa.md b/src/data/roadmaps/cyber-security/content/ftp@ftYYMxRpVer-jgSswHLNa.md index c8193e6de..7a93e5958 100644 --- a/src/data/roadmaps/cyber-security/content/ftp@ftYYMxRpVer-jgSswHLNa.md +++ b/src/data/roadmaps/cyber-security/content/ftp@ftYYMxRpVer-jgSswHLNa.md 
@@ -1,33 +1,10 @@ -# FTP +# File Transfer Protocol (FTP) -**File Transfer Protocol (FTP)** is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. Originally developed in the 1970s, it's one of the earliest protocols for transferring files between computers and remains widely used today. - -## How FTP Works +FTP is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. Originally developed in the 1970s, it's one of the earliest protocols for transferring files between computers and remains widely used today. FTP operates on a client-server model, where one computer acts as the client (the sender or requester) and the other acts as the server (the receiver or provider). The client initiates a connection to the server, usually by providing a username and password for authentication, and then requests a file transfer. -FTP uses two separate channels to carry out its operations: - -- **Control Channel:** This channel is used to establish the connection between the client and the server and send commands, such as specifying the file to be transferred, the transfer mode, and the directory structure. -- **Data Channel:** This channel is used to transfer the actual file data between the client and the server. - -## FTP Modes - -FTP offers two modes of file transfer: - -- **ASCII mode:** This mode is used for transferring text files. It converts the line endings of the files being transferred to match the format used on the destination system. For example, if the file is being transferred from a Unix system to a Windows system, the line endings will be converted from LF (Unix) to CR+LF (Windows). -- **Binary mode:** This mode is used for transferring binary files, such as images, audio files, and executables. No conversion of the data is performed during the transfer process. 
- -## FTP Security Concerns - -FTP has some significant security issues, primarily because it was designed before the widespread use of encryption and authentication mechanisms. Some of these concerns include: - -- Usernames and passwords are transmitted in plain text, allowing anyone who can intercept the data to view them. -- Data transferred between the client and server is not encrypted by default, making it vulnerable to eavesdropping. -- FTP does not provide a way to validate a server's identity, leaving it vulnerable to man-in-the-middle attacks. - -To mitigate these security risks, several secure alternatives to the FTP protocol have been developed, such as FTPS (FTP Secure) and SFTP (SSH File Transfer Protocol), which encrypt data transfers and provide additional security features. - -In conclusion, FTP is a commonly used protocol for transferring files between computers over a network. While it is easy to use, it has significant security vulnerabilities that make it a less desirable option for secure file transfers. It's essential to use more secure alternatives like FTPS or SFTP for transferring sensitive data. +Learn more from the following resources: -- [@article@What Is FTP: FTP Explained for Beginners](https://www.hostinger.com/tutorials/what-is-ftp) +- [@video@What is FTP?](https://www.youtube.com/watch?v=HI0Oh4NJqcI) +- [@article@FTP meaning and uses](https://www.investopedia.com/terms/f/ftp-file-transfer-protocol.asp) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/fundamental-it-skills@oimYzZYFXKjgvc7D4c-2u.md b/src/data/roadmaps/cyber-security/content/fundamental-it-skills@oimYzZYFXKjgvc7D4c-2u.md index fa1ddb5ba..eef744c73 100644 --- a/src/data/roadmaps/cyber-security/content/fundamental-it-skills@oimYzZYFXKjgvc7D4c-2u.md +++ b/src/data/roadmaps/cyber-security/content/fundamental-it-skills@oimYzZYFXKjgvc7D4c-2u.md 
@@ -1,69 +1,7 @@ # Fundamental IT Skills -Basic IT skills are the foundation for understanding and navigating the digital world, as well as playing a crucial role in cyber security. Given below are some essential IT skills that will help you enhance your experience with technology and better protect your digital assets. +Fundamental IT skills form the backbone of cybersecurity proficiency and encompass a broad range of technical knowledge. These skills include understanding computer hardware and software, networking concepts, and operating systems (particularly Windows and Linux). Proficiency in at least one programming language, such as Python or JavaScript, is increasingly important for automation and scripting tasks. Database management, including SQL, is crucial for handling and securing data. Knowledge of cloud computing platforms like AWS or Azure is becoming essential as organizations migrate to cloud environments. Familiarity with basic cybersecurity concepts such as encryption, access control, and common attack vectors provides a foundation for more advanced security work. Additionally, troubleshooting skills, the ability to interpret logs, and a basic understanding of web technologies are vital. These fundamental IT skills enable cybersecurity professionals to effectively protect systems, identify vulnerabilities, and respond to incidents in increasingly complex technological landscapes. -## Computer Navigation +Learn more from the following resources: -Understanding how to navigate a computer's operating system is a vital skill. This includes knowing how to: - -- Power on/off the device -- Manage files and folders -- Use shortcuts and right-click options -- Install and uninstall software -- Customize settings - -## Internet Usage - -Having a working knowledge of how to navigate the internet will allow you to access information and resources more efficiently. 
Key skills include: - -- Web browsing -- Internet searching -- Bookmark management -- Downloading files -- Understanding hyperlinks and web addresses -- Recognizing secure websites - -## Email Management - -Communication using email is an essential aspect of the modern digital world. Important email management skills are: - -- Creating and organizing contacts -- Composing, sending, and receiving emails -- Detecting and avoiding spam and phishing emails -- Managing email attachments -- Understanding email etiquette - -## Word Processing - -Word processing is a basic IT skill that is useful in both personal and professional environments. Skills related to word processing include: - -- Formatting text (font, size, bold, italic, etc.) -- Creating and editing documents -- Copying and pasting text -- Inserting images and tables -- Saving and printing documents - -## Software and Application Installation - -Being able to install and manage software can make your experience with technology more efficient and tailored to your needs. Basic software-related skills include: - -- Identifying reliable sources for downloading software -- Installing and updating applications -- Uninstalling unwanted or unnecessary programs -- Configuring applications according to your preferences -- Updating software to prevent vulnerabilities - -## Digital Security Awareness - -As the digital world is constantly evolving, so too are cyber threats. Therefore, remaining vigilant and familiarizing yourself with common cyber security practices is crucial. Some fundamental digital security skills include: - -- Creating strong, unique passwords -- Ensuring a secure and updated Wi-Fi connection -- Recognizing and avoiding phishing attempts -- Keeping software and operating systems updated -- Regularly backing up data - -By honing these basic IT skills, you will be better prepared to navigate and protect your digital life, as well as making the most of the technology at your fingertips. 
- -- [@video@IT skills Training for beginners | Complete Course](https://www.youtube.com/watch?v=On6dsIp5yw0) -- [@feed@Explore top posts about Career](https://app.daily.dev/tags/career?ref=roadmapsh) +- [@article@Top 10 in demand IT skills](https://www.comptia.org/blog/top-it-skills-in-demand) diff --git a/src/data/roadmaps/cyber-security/content/gcp@tOLA5QPKi6LHl1ljsOMwX.md b/src/data/roadmaps/cyber-security/content/gcp@tOLA5QPKi6LHl1ljsOMwX.md index eeba02890..ad4759dc6 100644 --- a/src/data/roadmaps/cyber-security/content/gcp@tOLA5QPKi6LHl1ljsOMwX.md +++ b/src/data/roadmaps/cyber-security/content/gcp@tOLA5QPKi6LHl1ljsOMwX.md 
@@ -2,27 +2,7 @@ Google Cloud Platform (GCP) is a collection of cloud computing services offered by Google, which provides infrastructure and platform services to businesses or individuals. It enables users to either build their own applications or services on the provided resources, or utilize ready-to-use services provided by Google. GCP covers a wide range of services, including (but not limited to) compute, storage, databases, networking, and many more. -## Key Features +Learn more from the following resources: -- **Global Infrastructure**: GCP is built on Google's global infrastructure, which ensures high performance, availability, and low latency for applications and services hosted on their platform. - -- **Scalability**: The platform can easily scale up or down based on the user's needs. It allows users to run applications and services on one, tens, or even thousands of virtual machines simultaneously. - -- **Security**: GCP provides robust security measures that include data encryption at rest and in transit by default, as well as compliance with various certifications and regulations. - -- **Easy Integration**: GCP services can be easily integrated with other Google services, such as Google Drive or Google Analytics, to provide more insights and functionality to your applications. - -- **Cost-Effectiveness**: The pay-as-you-go pricing model lets users pay for only the resources they use, without any upfront costs or long-term commitments. - -## Common GCP Services - -- **Compute Engine**: Provides virtual machines (VMs) that can be customized in terms of CPU, memory, storage, etc. You have full control over the VM and can install any software you need. -- **App Engine**: A fully managed platform for building, deploying, and scaling applications without worrying about infrastructure management. Ideal for web applications or mobile app backends. 
-- **Cloud Functions**: Offers event-driven computing, allowing you to run small pieces of code (functions) in response to specific events (triggers such as HTTP requests or file uploads). -- **Cloud Storage**: A highly scalable and durable object storage solution for unstructured data. -- **Bigtable**: A highly scalable, fully managed NoSQL database suitable for real-time analytics and large-scale data processing. -- **Cloud SQL**: A fully managed relational database service for MySQL, PostgreSQL, or SQL Server databases. -- **Cloud Spanner**: A fully managed, globally distributed relational database service that combines strong consistency, horizontal scaling, and transaction support. -- **Cloud Pub/Sub**: A messaging service that allows you to send and receive messages between independent applications. - -These are just a few of the many services offered by GCP. Leveraging these services can help businesses build and deploy applications in the cloud with ease, while also ensuring that their data and applications are secure and scalable. +- [@official@Google Cloud Platform](https://cloud.google.com) +- [@course@Google Cloud Platform Video Course](https://www.youtube.com/watch?v=fZOz13joN0o) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/giac@ZiUT-lyIBfHTzG-dwSy96.md b/src/data/roadmaps/cyber-security/content/giac@ZiUT-lyIBfHTzG-dwSy96.md index 6f43d6dfc..794fcd297 100644 --- a/src/data/roadmaps/cyber-security/content/giac@ZiUT-lyIBfHTzG-dwSy96.md +++ b/src/data/roadmaps/cyber-security/content/giac@ZiUT-lyIBfHTzG-dwSy96.md 
@@ -2,30 +2,6 @@ GIAC is a globally recognized organization that provides certifications for information security professionals. Established in 1999, its primary aim is to validate the knowledge and skills of professionals in various cybersecurity domains. GIAC certifications focus on practical and hands-on abilities to ensure that certified individuals possess the necessary expertise to tackle real-world cybersecurity challenges. -## GIAC Certification Categories +Learn more from the following resources: -GIAC certifications are divided into several categories, catering to different aspects of information security: - -- **Cyber Defense**: Certifications tailored to secure an organization's information infrastructure and develop incident response capabilities. -- **Penetration Testing**: Certifications targeting professionals who conduct penetration tests to identify and mitigate security vulnerabilities. -- **Incident Response and Forensics**: Certifications focusing on incident handling, forensics, and the legal aspects of cybersecurity. -- **Management, Audit, Legal and Security Awareness**: Certifications aimed at security managers, auditors, and executives who are responsible for developing and managing security policies and procedures. -- **Industrial Control Systems**: Certifications addressing the unique security requirements of industrial control systems and critical infrastructure. -- **Developer**: Certifications targeting software developers and programmers to help them develop secure applications. - -## GIAC Certification Process - -To obtain a GIAC certification, candidates must pass a comprehensive proctored exam that tests their knowledge and practical skills. The exams are usually associated with corresponding training courses offered by SANS Institute, a leading provider of cybersecurity training. However, taking a SANS course is not mandatory to sit for the exam. 
Individuals with sufficient knowledge and experience can directly register for a GIAC exam. - -The exams typically consist of multiple-choice questions and can range from 75 to 150 questions, depending on the certification. Candidates are given 2-5 hours to complete the exam, and a passing score varies between 63% and 80%. - -## Benefits of GIAC Certifications - -GIAC-certified professionals are highly sought after due to the rigorous assessment and practical skills they possess. Obtaining a GIAC certification can lead to: - -- Enhanced career prospects -- Higher salary potential -- Peer recognition -- Demonstrated commitment to professional development - -In summary, GIAC certifications are valuable and respected credentials that pave the way for a successful cybersecurity career. By completing a GIAC certification, you validate your expertise and increase your employability in the competitive field of cybersecurity. \ No newline at end of file +- [@official@GIAC Website](https://www.giac.org/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/go@jehVvdz8BnruKjqHMKu5v.md b/src/data/roadmaps/cyber-security/content/go@jehVvdz8BnruKjqHMKu5v.md index 4f068be1c..8cc70c763 100644 --- a/src/data/roadmaps/cyber-security/content/go@jehVvdz8BnruKjqHMKu5v.md +++ b/src/data/roadmaps/cyber-security/content/go@jehVvdz8BnruKjqHMKu5v.md 
@@ -2,33 +2,8 @@ Go, also known as Golang, is an open-source programming language created by Google. Launched in 2009, it was designed to overcome issues present in other languages and offer a more secure, robust, and efficient development experience. -## Key Features of Go +Learn more from the following resources: -- **Performance**: Go is a statically-typed compiled language, which means that it offers greater performance compared to interpreted programming languages like Python or JavaScript. -- **Concurrency**: One of the strengths of Go is its support for concurrent programming. It uses goroutines to handle multiple tasks simultaneously and efficiently. -- **Simplicity & Readability**: The syntax of Go is straightforward and easy to understand, making it an excellent choice for the development of secure applications. -- **Static Typing & Strong Type Safety**: Go enforces static typing, which helps to detect errors at the development stage and minimize security risks. -- **Standard Library & Collaboration**: Go has a rich standard library, which provides numerous packages for various tasks, such as cryptography, data handling, and communication protocols. - -## Go In Cyber Security - -Go is increasingly becoming popular in the field of cyber security due to its unique features: - -- **Secure Web Development**: Go offers built-in support for handling sensitive data, secure communication protocols like HTTPS, and secure cryptographic methods, which help in developing secure web applications. -- **Network Security**: With its efficient concurrency model, Go is suitable for building network security tools like scanners, proxies, intrusion detection systems, and more. -- **Malware Analysis**: Go's performance and ease of use make it suitable for developing tools to detect, analyze, and reverse engineer malware. 
-- **Cryptographic Tools & Utility**: Go's standard library covers a wide range of cryptography methods, making it convenient to build secure tools and utilities. -- **Open-Source Software Security**: As an open-source language, Go attracts a large community of developers who collaborate and continuously improve its security features. - -## Go Resources - -To get started with Go, consider leveraging the following resources: - -- [@article@Official Go Documentation](https://golang.org/doc/) -- [@article@Go by Example](https://gobyexample.com/) -- [@article@A Tour of Go](https://tour.golang.org/) -- [@article@The Go Programming Language book](http://www.gopl.io/) -- [@course@Golang Courses on Udemy, Coursera, and Pluralsight](https://www.udemy.com/topic/go/) -- [@feed@Explore top posts about Golang](https://app.daily.dev/tags/golang?ref=roadmapsh) - -As you learn and incorporate Go into your cyber security toolkit, you will find it to be a versatile and valuable language in building secure, efficient, and reliable tools and applications. +- [@roadmap@Go Roadmap](https://roadmap.sh/golang) +- [@video@Go in 100 seconds](https://www.youtube.com/watch?v=446E-r0rXHI) +- [@course@Go tutorial for beginners](https://www.youtube.com/watch?v=yyUHQIec83I) diff --git a/src/data/roadmaps/cyber-security/content/google-drive@fTZ4PqH-AMhYA_65w4wFO.md b/src/data/roadmaps/cyber-security/content/google-drive@fTZ4PqH-AMhYA_65w4wFO.md index 47d6a6800..09dcb091c 100644 --- a/src/data/roadmaps/cyber-security/content/google-drive@fTZ4PqH-AMhYA_65w4wFO.md +++ b/src/data/roadmaps/cyber-security/content/google-drive@fTZ4PqH-AMhYA_65w4wFO.md 
@@ -2,19 +2,6 @@ Google Drive is a cloud-based storage solution provided by Google, which offers users the ability to store, share, and collaborate on files and documents across different platforms and devices. It is integrated with Google's productivity suite, including Google Docs, Sheets, Slides, and Forms, allowing seamless collaboration with team members in real-time. -## Key Features +Learn more from the following resources: -- **Storage Capacity:** Google Drive offers 15 GB of free storage for individual users, with the option to upgrade to additional storage plans with a subscription. -- **File Sharing and Collaboration:** You can share files, folders, or your entire drive with others, allowing them to view, edit, or comment on your documents. Collaboration features include real-time editing and support for multiple users. -- **Data Security:** Google Drive encrypts data in transit and at rest, ensuring that your files are protected from unauthorized access. Additionally, you can manage user permissions and expiration dates for shared files. -- **Version History:** Drive keeps track of changes made to your documents, allowing you to view or revert to previous versions any time. -- **Multi-platform Support:** Drive can be accessed through the web, as well as through desktop and mobile apps for Windows, macOS, Android, and iOS devices. -- **Integration with Google Workspace:** Google Drive is seamlessly integrated with other Google Workspace applications like Google Docs, Sheets, Slides, and Forms for a fully integrated, cloud-based productivity suite. - -## Tips for Using Google Drive Securely - -- **Enable Two-Factor Authentication (2FA):** Implement 2FA on your Google account to add an extra layer of security during login. -- **Regularly Review Permissions:** Periodically review file and folder sharing permissions to ensure that access is granted only to necessary parties. 
-- **Be Cautious with External Sharing:** Avoid sharing sensitive information with external users, and consider using expiring links or password protection for sensitive files. -- **Employ Strong Passwords:** Utilize unique and complex passwords for your Google account to mitigate the risk of unauthorized access. -- **Monitor Activity:** Leverage built-in Google Drive tools to audit user activity and identify potential security threats. +- [@official@Google Drive Website](https://drive.google.com) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/google-suite@IOK_FluAv34j3Tj_NvwdO.md b/src/data/roadmaps/cyber-security/content/google-suite@IOK_FluAv34j3Tj_NvwdO.md index e732eff21..af45a9046 100644 --- a/src/data/roadmaps/cyber-security/content/google-suite@IOK_FluAv34j3Tj_NvwdO.md +++ b/src/data/roadmaps/cyber-security/content/google-suite@IOK_FluAv34j3Tj_NvwdO.md 
@@ -1,33 +1,7 @@ -# Google Suite +# Google Workspace (Formerly G Suite) -Google Suite, also known as G Suite or Google Workspace, is a collection of cloud-based productivity and collaboration tools developed by Google. These tools are designed to help individuals and businesses collaborate more efficiently and effectively. Here is a summary of some of the most popular tools in Google Suite: +Google Workspace, formerly known as G Suite, is a collection of cloud-based productivity and collaboration tools developed by Google. It includes popular applications such as Gmail for email, Google Drive for file storage and sharing, Google Docs for document creation and editing, Google Sheets for spreadsheets, and Google Meet for video conferencing. From a cybersecurity perspective, Google Workspace presents both advantages and challenges. It offers robust built-in security features like two-factor authentication, encryption of data in transit and at rest, and advanced threat protection. However, its cloud-based nature means organizations must carefully manage access controls, data sharing policies, and compliance with various regulations. Security professionals must be vigilant about potential phishing attacks targeting Google accounts, data leakage through improper sharing settings, and the risks associated with third-party app integrations. Understanding how to properly configure and monitor Google Workspace is crucial for maintaining the security of an organization's collaborative environment and protecting sensitive information stored within these widely-used tools. -## Google Drive +Learn more from the following resources: -Google Drive is a cloud storage service that allows users to store files, sync them across devices, and easily share them with others. With Google Drive, users get 15 GB of free storage, while more storage can be purchased as needed. 
- -## Google Docs, Sheets, and Slides - -These are the office suite tools that include a word processor (Docs), a spreadsheet program (Sheets), and a presentation program (Slides). All of these applications are web-based, allowing users to create, edit, and share documents in real-time with colleagues or collaborators. They also come with a variety of built-in templates, making it easier for users to quickly create and format their documents. - -## Google Forms - -Google Forms is a tool for creating custom online forms and surveys. Users can design forms with various question types, including multiple-choice, dropdown, and text-based questions. The data collected from the forms can be automatically organized and analyzed in Google Sheets. - -## Google Calendar - -A powerful scheduling tool, Google Calendar allows users to create and manage individual or shared calendars. Users can create events, invite attendees, and set reminders for themselves or others. Google Calendar also integrates with Gmail, allowing users to create and update events directly from their email. - -## Gmail - -Gmail is a widely-used email service that provides a clean and user-friendly interface, powerful search capabilities, and excellent spam filtering. Gmail also integrates with other Google tools, making it a seamless part of the overall suite. - -## Google Meet - -Google Meet is a video conferencing tool that allows users to host and join secure video meetings. With a G Suite account, users can schedule and join meetings directly from Google Calendar. Google Meet also supports screen sharing, breakout rooms, and live captioning during meetings. - -## Google Chat - -Google Chat is a communication platform for teams that provides direct messaging, group conversations, and virtual meeting spaces. Users can create chat rooms for specific projects or topics, collaborate on documents in real-time, and make use of Google Meet for video chats. 
- -These are just some of the many tools offered by Google Suite. This platform is a popular choice for individuals, teams, and organizations looking for a comprehensive and efficient way to manage their work and communication needs. +- [@official@Google Workspace Website](https://workspace.google.com/intl/en_uk/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/gpen@t4h9rEKWz5Us0qJKXhxlX.md b/src/data/roadmaps/cyber-security/content/gpen@t4h9rEKWz5Us0qJKXhxlX.md index 2161f2edf..3993f80cd 100644 --- a/src/data/roadmaps/cyber-security/content/gpen@t4h9rEKWz5Us0qJKXhxlX.md +++ b/src/data/roadmaps/cyber-security/content/gpen@t4h9rEKWz5Us0qJKXhxlX.md 
@@ -1,32 +1,8 @@ # GPEN -The **GIAC Penetration Tester (GPEN)** certification is an advanced-level credential designed for professionals who want to demonstrate their expertise in the field of penetration testing and ethical hacking. Created by the Global Information Assurance Certification (GIAC) organization, GPEN validates an individual's ability to conduct legal, systematic, and effective penetration tests to assess the security of computer networks, systems, and applications. +The GIAC Penetration Tester (GPEN) certification is an advanced-level credential designed for professionals who want to demonstrate their expertise in the field of penetration testing and ethical hacking. Created by the Global Information Assurance Certification (GIAC) organization, GPEN validates an individual's ability to conduct legal, systematic, and effective penetration tests to assess the security of computer networks, systems, and applications. -## Key Topics +Learn more from the following resources: -- **Reconnaissance:** Utilize various methods to gather information on a target's infrastructure, services, and vulnerabilities. -- **Scanning:** Employ tools and techniques to actively probe and evaluate target systems, including Nmap, Nessus, and Metasploit. -- **Exploitation:** Understand how to exploit vulnerabilities effectively, including buffer overflow attacks, SQL injection, and browser-based attacks. -- **Password Attacks:** Employ password cracking tools and techniques to bypass authentication mechanisms. -- **Wireless and Monitoring**: Identify and exploit wireless networks, as well as monitor network traffic to uncover useful information. -- **Post Exploitation**: Perform post-exploitation activities like privilege escalation, lateral movement, and data exfiltration. -- **Legal and Compliance**: Understand the legal considerations involved in penetration testing, and follow industry best practices and standards. 
- -## Target Audience - -The GPEN certification is primarily aimed at cybersecurity professionals, network administrators, security consultants, and penetration testers looking to enhance their skills and reinforce their credibility in the industry. - -## Preparing for the GPEN Exam - -To prepare for the GPEN exam, candidates are recommended to have a strong foundation in the fundamentals of cybersecurity, networking, and ethical hacking. GIAC offers a comprehensive training course called "SEC560: Network Penetration Testing and Ethical Hacking" which aligns with the GPEN exam objectives. However, self-study using other resources like books, articles, and online tutorials is also a viable option. - -## Exam Details - -- **Number of Questions:** 115 -- **Type of Questions:** Multiple-choice -- **Duration:** 3 hours -- **Passing Score:** 74% -- **Exam Delivery:** Proctored, Online or at a testing center -- **Cost:** $1,999 USD (Includes one retake) - -Upon successfully passing the exam, candidates will receive the GIAC Penetration Tester certification, which is valid for four years. To maintain the certification, professionals must earn plus 36 Continuing Professional Education (CPE) credits every two years and pay a maintenance fee to keep their credentials active. \ No newline at end of file +- [@official@GPEN Certification Website](https://www.giac.org/certifications/penetration-tester-gpen/) +- [@article@What is the GPEN Certification?](https://hackernoon.com/what-is-the-giac-penetration-tester-gpen-certification) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/grep@Dfz-6aug0juUpMmOJLCJ9.md b/src/data/roadmaps/cyber-security/content/grep@Dfz-6aug0juUpMmOJLCJ9.md index 32b411c05..6f9adbba3 100644 --- a/src/data/roadmaps/cyber-security/content/grep@Dfz-6aug0juUpMmOJLCJ9.md +++ b/src/data/roadmaps/cyber-security/content/grep@Dfz-6aug0juUpMmOJLCJ9.md 
@@ -2,50 +2,7 @@ Grep is a powerful command-line tool used for searching and filtering text, primarily in Unix-based systems. Short for "global regular expression print", grep is widely used for its ability to search through files and directories, and find lines that match a given pattern. It is particularly useful for incident response and discovery tasks, as it helps you identify specific occurrences of potentially malicious activities within large amounts of log data. -In this section, we will cover the basics of grep and how to wield its power for efficient incident response. +Learn more from the following resources: -## Basic Syntax - -The basic syntax of grep is as follows: - -``` -grep [options] pattern [files/directories] -``` - -- `options`: Modify the behavior of grep (e.g., case-insensitive search, display line numbers) -- `pattern`: The search pattern, which can be a fixed string, a regular expression, or a combination of both -- `files/directories`: The target files or directories to search - -## Common Grep Options - -Here are some commonly used grep options: - -- `-i`: Perform a case-insensitive search -- `-v`: Invert the search, returning lines that do not match the pattern -- `-n`: Display line numbers for matching lines -- `-r`: Recursively search directories -- `-c`: Display the count of matching lines - -## Sample Use Cases - -- Case-insensitive search for the word "password": - -``` -grep -i "password" /var/log/syslog -``` - -- Display line numbers for lines containing "error" in log files: - -``` -grep -n "error" /var/log/*.log -``` - -- Search for IP addresses in a web server access log: - -``` -grep -E -o "([0-9]{1,3}\.){3}[0-9]{1,3}" /var/log/apache2/access.log -``` - -## Conclusion - -Grep is an indispensable tool for incident response and discovery tasks in cyber security. It allows you to quickly pinpoint specific patterns in large volumes of data, making it easier to identify potential threats and respond accordingly. 
As you become more proficient with grep and its wide array of options, you'll gain a valuable resource in your cyber security toolkit. \ No newline at end of file +- [@article@grep command in Linux](https://www.digitalocean.com/community/tutorials/grep-command-in-linux-unix) +- [@video@The grep command](https://www.youtube.com/watch?v=Tc_jntovCM0) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/group-policy@FxuMJmDoDkIsPFp2iocFg.md b/src/data/roadmaps/cyber-security/content/group-policy@FxuMJmDoDkIsPFp2iocFg.md index 9afd06ae3..c82b54808 100644 --- a/src/data/roadmaps/cyber-security/content/group-policy@FxuMJmDoDkIsPFp2iocFg.md +++ b/src/data/roadmaps/cyber-security/content/group-policy@FxuMJmDoDkIsPFp2iocFg.md 
@@ -2,26 +2,11 @@ _Group Policy_ is a feature in Windows operating systems that enables administrators to define and manage configurations, settings, and security policies for various aspects of the users and devices in a network. This capability helps you to establish and maintain a consistent and secure environment, which is crucial for organizations of all sizes. -## How Group Policy Works - Group Policy works by maintaining a hierarchy of _Group Policy Objects_ (GPOs), which contain multiple policy settings. GPOs can be linked to different levels of the Active Directory (AD) structure, such as domain, site, and organizational unit (OU) levels. By linking GPOs to specific levels, you can create an environment in which different settings are applied to different groups of users and computers, depending on their location in the AD structure. When a user logs in or a computer starts up, the relevant GPOs from the AD structure get evaluated to determine the final policy settings. GPOs are processed in a specific order — local, site, domain, and OUs, with the latter having the highest priority. This order ensures that you can have a baseline set of policies at the domain level, with more specific policies applied at the OU level, as needed. -## Common Group Policy Scenarios - -Here are some typical scenarios in which Group Policy can be utilized to enforce security policies and settings: - -- **Password Policies**: You can use Group Policy to define minimum password length, complexity requirements, password history, and maximum password age for all users within the domain. This ensures a consistent level of password security across the organization. - -- **Account Lockout Policies**: Group Policy allows you to specify conditions under which user accounts will be locked out, such as after a specific number of failed login attempts. This helps to thwart brute-force attacks. 
- -- **Software Deployment**: Deploy and manage the installation of software packages and security updates across the entire network. Ensure that all devices are running the latest, most secure software versions. - -- **Device Security**: Apply configurations to enforce encryption, firewall settings, and other security-related device settings to protect your organization's network and sensitive data. - -- **User Rights Assignment**: Control various user rights, such as the ability to log in locally or remotely, access this computer from the network, or shut down the system. - -- **Restricted Groups**: Manage group memberships, including local administrator groups, to ensure that only authorized users have elevated privileges on targeted devices. +Learn more from the following resources: -By understanding and leveraging the capabilities of Group Policy, you can establish a robust and secure environment that meets your organization's specific requirements. Keep in mind that maintaining a well-documented, granular, and least-privileged approach to Group Policy settings will help ensure a manageable and resilient security posture. +- [@official@Group Policy overview](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831791(v=ws.11)) +- [@video@Learn Windows Group Policy the easy way!](https://www.youtube.com/watch?v=rEhTzP-ScBo) diff --git a/src/data/roadmaps/cyber-security/content/gsec@nlmATCTgHoIoMcEOW8bUW.md b/src/data/roadmaps/cyber-security/content/gsec@nlmATCTgHoIoMcEOW8bUW.md index 4f293192a..a586e3ea6 100644 --- a/src/data/roadmaps/cyber-security/content/gsec@nlmATCTgHoIoMcEOW8bUW.md +++ b/src/data/roadmaps/cyber-security/content/gsec@nlmATCTgHoIoMcEOW8bUW.md 
@@ -1,32 +1,7 @@ # GSEC -The **GIAC Security Essentials Certification (GSEC)** is an advanced cybersecurity certification that demonstrates an individual's knowledge and skills in addressing security threats and vulnerabilities in various systems. Developed by the Global Information Assurance Certification (GIAC), this certification is suitable for security professionals, IT managers, and network administrators who want to enhance their expertise in the core cybersecurity concepts and practices. +The GIAC Security Essentials Certification (GSEC) is an advanced cybersecurity certification that demonstrates an individual's knowledge and skills in addressing security threats and vulnerabilities in various systems. Developed by the Global Information Assurance Certification (GIAC), this certification is suitable for security professionals, IT managers, and network administrators who want to enhance their expertise in the core cybersecurity concepts and practices. -## Key Features of GSEC +Learn more from the following resources: -- **Comprehensive coverage of security concepts**: GSEC covers a wide range of cybersecurity topics, including risk management, cryptography, access control, authentication, network security, wireless security, web application security, and incident response. -- **Hands-on approach**: GSEC focuses on practical, real-world situations and encourages students to develop problem-solving skills through hands-on labs and exercises. -- **Vendor-neutral**: Unlike other certifications that focus on specific technologies or tools, GSEC is vendor-neutral and teaches concepts and techniques that can be applied in various environments and platforms. -- **Globally recognized**: GSEC is a widely acknowledged certification among security professionals, and receiving it can help boost an individual's career in the cybersecurity industry. 
- -## GSEC Exam Details - -The GSEC exam consists of 180 questions, and candidates have a total of 5 hours to complete the test. The minimum passing score is 73%. The exam covers the following domains: - -- Active defense concepts -- Authentication and access control -- Basic understanding of cryptographic concepts -- Incident handling and response -- IP networking concepts and network security -- Security policy and contingency planning - -## Preparing for the GSEC Exam - -To prepare for the GSEC exam, you can use the following resources: - -- **GIAC's official training courses**: GIAC offers a comprehensive training course, known as "SEC401: Security Essentials Boot- camp Style," to help students develop the necessary knowledge and skills for the GSEC certification exam. This course is available in various formats, including online, classroom-based, and on-demand. -- **Study materials**: You can find several study guides, practice exams, and books specifically designed for GSEC exam preparation. These resources can help you deepen your understanding of the GSEC exam objectives and practice your skills through hands-on exercises. -- **Online forums and study groups**: Participate in online forums and study groups related to GSEC and cybersecurity in general. These platforms can provide valuable insights, tips, and experiences from other security professionals and candidates preparing for the exam. -- **GSEC Practice Exams**: GIAC offers two practice exams for the GSEC certification, which are an excellent way to assess your knowledge and identify areas that may require further attention. - -By obtaining the GSEC certification, you will demonstrate your advanced knowledge and skills in cybersecurity, showcasing your ability to protect information systems and networks effectively. This certification can be a significant asset to your career and help you stand out in the competitive cybersecurity job market. 
\ No newline at end of file +- [@official@GSEC Certification Website](https://www.giac.org/certifications/security-essentials-gsec/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/guestos@LocGETHz6ANYinNd5ZLsS.md b/src/data/roadmaps/cyber-security/content/guestos@LocGETHz6ANYinNd5ZLsS.md index ea276853e..a2c9d7452 100644 --- a/src/data/roadmaps/cyber-security/content/guestos@LocGETHz6ANYinNd5ZLsS.md +++ b/src/data/roadmaps/cyber-security/content/guestos@LocGETHz6ANYinNd5ZLsS.md 
@@ -1,27 +1,8 @@ # GuestOS -A Guest OS (Operating System) is an essential component in virtualization. It is an operating system that runs within a virtual machine (VM) created by a host operating system or a hypervisor. In this scenario, multiple guest operating systems can operate on a single physical host machine, sharing resources provided by the host. +A Guest Operating System (Guest OS) refers to an operating system that runs within a virtual machine (VM) environment, managed by a hypervisor or virtual machine monitor. In virtualization technology, the Guest OS operates as if it were running on dedicated physical hardware, but it's actually sharing resources with the host system and potentially other guest systems. This concept is crucial in cybersecurity for several reasons. It allows for isolation of systems, enabling secure testing environments for malware analysis or vulnerability assessments. Guest OSes can be quickly deployed, cloned, or reset, facilitating rapid incident response and recovery. However, they also introduce new security considerations, such as potential vulnerabilities in the hypervisor layer, escape attacks where malware breaks out of the VM, and resource contention issues. Properly configuring, patching, and monitoring Guest OSes is essential for maintaining a secure virtualized infrastructure, balancing the benefits of flexibility and isolation with the need for robust security measures. -## Key Features of Guest OS +Learn more from the following resources: -- **Resource Sharing**: The guest OS shares the host's resources, such as CPU, memory, and storage, while having a virtualized environment of its own. -- **Isolation**: Each guest OS operates independently of others on the same host machine, ensuring that the performance or security of one system does not affect the others. 
-- **Customization**: You can install and manage different types of guest operating systems on the same host, catering to specific requirements or user preferences. -- **Portability**: The guest OS and its associated data can be easily moved to another host machine, simplifying the management of multiple systems for businesses and individuals. - -## Use Cases for Guest OS - -- **Testing and Development**: By providing a separate environment to experiment with different applications, guest operating systems are appropriate for testing and development. -- **Security**: Sandbox environments can be created within the guest OS for analyzing malware or executing potentially unsafe applications, without affecting the host machine's performance or security. -- **Legacy Applications**: Some older applications may not be compatible with modern operating systems. Having a guest OS with an older OS version helps to run these legacy applications. -- **Resource Optimization**: Virtualization enables businesses to make the most of their hardware investments, as multiple guest OS can share the resources of a single physical machine. - -## Guest OS Management - -To manage guest operating systems effectively, you must use virtualization software or a hypervisor. Some popular options include: - -- **VMware**: VMware provides tools like VMware Workstation and Fusion to create, manage, and run guest OS within virtual machines. -- **Oracle VirtualBox**: Oracle's VirtualBox is an open-source hypervisor that supports the creation and management of guests operating systems across multiple host OS platforms. -- **Microsoft Hyper-V**: Microsoft's free hypervisor solution, Hyper-V, is capable of creating and managing guest operating systems on Windows-based host machines. 
- -In conclusion, a guest operating system plays a vital role in virtualization, allowing users to operate multiple OS within virtual machines on a single host, optimizing resources, and providing the flexibility to work with a variety of applications and environments. +- [@article@What is a Guest Operating System?](https://www.techtarget.com/searchitoperations/definition/guest-OS-guest-operating-system) +- [@article@Guest Operating System](https://nordvpn.com/cybersecurity/glossary/guest-operating-system/?srsltid=AfmBOop0L-VFCtuYvEBQgHy7dCIa3sfzNVa-Zn6l0SniAYDpftfOgH7N) diff --git a/src/data/roadmaps/cyber-security/content/gwapt@rwniCTWfYpKP5gi02Pa9f.md b/src/data/roadmaps/cyber-security/content/gwapt@rwniCTWfYpKP5gi02Pa9f.md index 2cdbe6065..43638675c 100644 --- a/src/data/roadmaps/cyber-security/content/gwapt@rwniCTWfYpKP5gi02Pa9f.md +++ b/src/data/roadmaps/cyber-security/content/gwapt@rwniCTWfYpKP5gi02Pa9f.md 
@@ -1,34 +1,7 @@ # GWAPT -The **GIAC Web Application Penetration Tester (GWAPT)** certification validates an individual's ability to perform in-depth web application security assessments and exploit vulnerabilities. GWAPT focuses on using ethical hacking methodologies to conduct web application penetration testing with the goal of identifying, evaluating, and mitigating security risks. +The GIAC Web Application Penetration Tester (GWAPT) certification validates an individual's ability to perform in-depth web application security assessments and exploit vulnerabilities. GWAPT focuses on using ethical hacking methodologies to conduct web application penetration testing with the goal of identifying, evaluating, and mitigating security risks. -## Key Concepts +Learn more from the following resources: -The GWAPT certification covers several key concepts and areas, including but not limited to: - -- **Web Application Security:** Knowledge of various web application security concepts, such as authentication mechanisms, session management, input validation, and access control. -- **Testing Methodologies:** Understanding and application of web application penetration testing methodologies, such as OWASP Testing Guide and OWASP ASVS. -- **Vulnerability Identification and Exploitation:** Identifying, exploiting, and assessing the impact of common web application vulnerabilities such as XSS, CSRF, SQL Injection, and others. -- **Tools and Techniques:** Mastery of various web application testing tools, such as Burp Suite, WebInspect, and others. -- **Report Preparation and Presentation:** Ability to document and present findings in a clear, concise manner, which can be understood by both technical and non-technical audiences. - -## Certification Process - -To attain the GWAPT certification, candidates must: - -- Register for the GWAPT exam through the GIAC website (www.giac.org). 
-- Prepare for the exam by undergoing various training methods, such as attending the SEC542: Web App Penetration Testing and Ethical Hacking course by SANS, self-study, attending workshops, or gaining hands-on experience. -- Pass the proctored 75-question multiple-choice exam with a minimum score of 68% within the 2-hour time limit. -- Maintain the certification by earning 36 Continuing Professional Experience (CPE) credits every four years and paying the renewal fee. - -## Who Should Pursue GWAPT Certification? - -The GWAPT certification is aimed at professionals who are involved in web application security, such as penetration testers, security analysts, or application developers. Obtaining this certification demonstrates a high level of technical skill and knowledge in web application security testing, making it a valuable addition to any cybersecurity professional's credentials. - -## Benefits of GWAPT Certification - -- Validates your skills and knowledge in web application security testing. -- Enhances your professional credibility and marketability in the cybersecurity industry. -- Provides a competitive edge over non-certified individuals. -- Demonstrates a commitment to staying current with industry advancements and best practices. -- Assists in advancing your career by meeting employer or client requirements for certified professionals. \ No newline at end of file +- [@official@GWAPT Certification Website](https://www.giac.org/certifications/web-application-penetration-tester-gwapt/) diff --git a/src/data/roadmaps/cyber-security/content/hackthebox@wkuE_cChPZT2MHyGjUuU4.md b/src/data/roadmaps/cyber-security/content/hackthebox@wkuE_cChPZT2MHyGjUuU4.md index 76fa36cfe..b72d899cd 100644 --- a/src/data/roadmaps/cyber-security/content/hackthebox@wkuE_cChPZT2MHyGjUuU4.md +++ b/src/data/roadmaps/cyber-security/content/hackthebox@wkuE_cChPZT2MHyGjUuU4.md 
@@ -2,30 +2,7 @@ Hack The Box (HTB) is a popular online platform designed for security enthusiasts, penetration testers, and ethical hackers to develop and enhance their skills by engaging in real-world cybersecurity challenges. The platform provides a wide array of virtual machines (VMs), known as "boxes," each with a unique set of security vulnerabilities to exploit. -## Features of Hack The Box +Learn more from the following resources: -- **Lab Environment:** HTB offers a secure and legal environment for hacking challenges. The platform provides a VPN connection to a private network where the vulnerable machines (boxes) are hosted. - -- **Various Difficulty Levels:** The boxes on HTB come in varying levels of difficulty (easy, medium, hard, and insane), allowing users of different skill levels to participate and learn progressively. - -- **New Challenges Regularly:** New boxes are added to the platform regularly, ensuring that participants can continuously learn and enhance their cybersecurity skills. - -- **Community-driven:** The HTB community often collaborates and shares knowledge, techniques, and experiences, fostering a sense of camaraderie among members. - -- **Competition:** Users can compete against one another by attempting to solve challenges as quickly as possible and get to the top of the leaderboard. - -## Participation Process - -- **Registration:** To get started with HTB, you will need to register for an account on the platform. Interestingly, the registration itself is a hacking challenge where you are required to find an invite code using your web application penetration testing skills. This unique invitation process ensures that only interested and skilled individuals join the community. - -- **Connect to the VPN:** After registration, connect to the HTB private network using the provided VPN configuration file. This allows you to access the lab environment and the boxes. 
- -- **Select a Box and Hack it:** Browse the list of available boxes, select one that suits your skill level, and start hacking! Each box has a specific set of objectives like finding particular files, referred to as "flags," that are hidden on the machines. These flags contain proof of your exploit and are used for scoring and ranking purposes. - -- **Submit Flags and Write-ups:** Upon solving a challenge, submit the flags you found to gain points and secure your spot on the leaderboard. Additionally, once a box is retired from the platform, you can create and share write-ups of your solution technique with the community. - -Hack The Box is an excellent resource for anyone looking to enhance their cybersecurity skills or explore the ethical hacking domain. Whether you're a beginner or a seasoned expert, HTB offers an engaging and collaborative environment to learn and grow as a cybersecurity professional. - -- [@official@HackTheBox website](https://www.hackthebox.com/) -- [@article@HTB Academy ](https://academy.hackthebox.com/) -- [@feed@Explore top posts about Security](https://app.daily.dev/tags/security?ref=roadmapsh) \ No newline at end of file +- [@official@Hack The Box Website](https://www.hackthebox.com/) +- [@video@I played HTB for 30 days, heres what I learnt](https://www.youtube.com/watch?v=bPv5pb7AcYs) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/hashing@0UZmAECMnfioi-VeXcvg8.md b/src/data/roadmaps/cyber-security/content/hashing@0UZmAECMnfioi-VeXcvg8.md index ff114acf9..bd40506ed 100644 --- a/src/data/roadmaps/cyber-security/content/hashing@0UZmAECMnfioi-VeXcvg8.md +++ b/src/data/roadmaps/cyber-security/content/hashing@0UZmAECMnfioi-VeXcvg8.md 
@@ -1,35 +1,8 @@ # Hashing -In this section, we will discuss the concept of _hashing_, an important cryptographic primitive, and its multiple applications in the realm of cyber security. +Hashing is a cryptographic process that converts input data of any size into a fixed-size string of characters, typically a hexadecimal number. This output, called a hash value or digest, is unique to the input data and serves as a digital fingerprint. Unlike encryption, hashing is a one-way process, meaning it's computationally infeasible to reverse the hash to obtain the original data. In cybersecurity, hashing is widely used for password storage, data integrity verification, and digital signatures. Common hashing algorithms include MD5 (now considered insecure), SHA-256, and bcrypt. Hashing helps detect unauthorized changes to data, as even a small alteration in the input produces a significantly different hash value. However, the strength of a hash function is crucial, as weak algorithms can be vulnerable to collision attacks, where different inputs produce the same hash, potentially compromising security measures relying on the uniqueness of hash values. -**What is Hashing?** +Learn more from the following resources: -A _hash function_ is a mathematical algorithm that takes an input (or 'message') and returns a fixed-size string of bytes, usually in the form of a hexadecimal number. The output is called the _hash value_ or simply, the _hash_. Some characteristics of a good hash function are: - -- _Deterministic_: The same input will always result in the same hash output. -- _Efficient_: The time taken to compute the hash should be as quick as possible. -- _Avalanche Effect_: A tiny change in the input should result in a drastically different hash output. -- _One-way Function_: It should be computationally infeasible to reverse-engineer the input from its hash output. 
-- _Collision Resistance_: It should be extremely unlikely to find two different inputs that produce the same hash output. - -**Common Hashing Algorithms** - -There are several widely used hashing algorithms with different strengths and weaknesses. Some of the most common ones include: - -- MD5 (Message Digest 5): Produces a 128-bit hash value. It is no longer considered secure due to vulnerability to collision attacks. -- SHA-1 (Secure Hash Algorithm 1): Generates a 160-bit hash value. Like MD5, it is no longer considered secure due to collision attacks and is being phased out. -- SHA-256 and SHA-512: Part of the SHA-2 family, SHA-256 produces a 256-bit hash value, while SHA-512 generates a 512-bit hash value. Both are widely adopted and considered secure. - -**Applications of Hashing** - -Hashing is a versatile mechanism and serves many purposes in cyber security, such as: - -- _Data Integrity_: Hashing can be used to ensure that a file or piece of data hasn't been altered or tampered with. Comparing the hash value of the original and received data can determine if they match. - -- _Password Storage_: Storing users' passwords as hashes makes it difficult for attackers to obtain the plain-text passwords even if they gain access to the stored hashes. - -- _Digital Signatures_: Digital signatures often rely on cryptographic hash functions to verify the integrity and authenticity of a message or piece of data. - -- _Proof of Work_: Hash functions are employed in consensus algorithms like the one used in Bitcoin mining, as they can solve computational challenges. - -In conclusion, hashing is a crucial technique in ensuring data integrity and maintaining security in various areas of cyber security. Understanding and adopting secure hashing algorithms is an essential skill for any cyber security professional. 
+- [@video@Hashing Explained](https://www.youtube.com/watch?v=EOe1XUykdP4) +- [@article@What is hashing and how does it work?](https://www.techtarget.com/searchdatamanagement/definition/hashing) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/head@VNmrb5Dm4UKUgL8JBfhnE.md b/src/data/roadmaps/cyber-security/content/head@VNmrb5Dm4UKUgL8JBfhnE.md index 736be2b64..af23ace68 100644 --- a/src/data/roadmaps/cyber-security/content/head@VNmrb5Dm4UKUgL8JBfhnE.md +++ b/src/data/roadmaps/cyber-security/content/head@VNmrb5Dm4UKUgL8JBfhnE.md 
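Review bot: the replacement paragraph in the hashing hunk states that the digest "is unique to the input data", which cannot hold for any fixed-size hash (there are more inputs than outputs) and is contradicted by the paragraph's own closing sentence on collision attacks; reword to something like "for a secure hash function, finding two inputs with the same digest is computationally infeasible". In the same sentence bcrypt is listed alongside MD5 and SHA-256 as a "common hashing algorithm"; it is a password-hashing (key-stretching) function rather than a general-purpose digest, so write "and, for password storage, bcrypt". The deleted "Common Hashing Algorithms" list also noted SHA-1 as deprecated, which the new text loses; a half-sentence "SHA-1 is likewise deprecated" would preserve it.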
@@ -1,61 +1,8 @@ # head -## Summary - `head` is a versatile command-line utility that enables users to display the first few lines of a text file, by default it shows the first 10 lines. In case of incident response and cyber security, it is a useful tool to quickly analyze logs or configuration files while investigating potential security breaches or malware infections in a system. -## Usage - -The basic syntax of `head` command is as follows: - -``` -head [options] [file(s)] -``` - -Where `options` are flags that could be used to modify the output and `[file(s)]` are the input file(s) for which you want to display the first few lines. - -## Examples - -- Display the first 10 lines of a file: - -``` -head myfile.txt -``` - -- You can change the number of lines to display using `-n` flag: - -``` -head -n 20 myfile.txt -``` - -- To display the first 5 lines of multiple files: - -``` -head -n 5 file1.txt file2.txt -``` - -- Another helpful flag is `-q` or `--quiet`, which avoids displaying file headers when viewing multiple files: - -``` -head -q -n 5 file1.txt file2.txt -``` - -## Application in Incident Response - -During an incident response, the `head` command helps to quickly analyze logs and files to identify potential malicious activity or errors. You can use `head` to peek into logs at the early stages of an investigation, and once you have gathered enough information, you can move on to more advanced tools to analyze the data in depth. - -For example: - -- Check the first 5 lines of the system log for any potential issues: - -``` -head -n 5 /var/log/syslog -``` - -- Analyze the beginning of a large log file without loading the entire file: - -``` -head -n 100 /var/log/large-log-file.log -``` +Learn more from the following resources: -In summary, the `head` command is a handy tool for preliminary analysis of log files that can save crucial time during an incident response. However, for more in-depth analysis, other tools and techniques should be employed. 
\ No newline at end of file +- [@video@Head and Tail commands](https://www.youtube.com/watch?v=5EqL6Fc7NNw) +- [@article@The Head and Tail commands in Linux](https://www.baeldung.com/linux/head-tail-commands) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/hips@l5EnhOCnkN-RKvgrS9ylH.md b/src/data/roadmaps/cyber-security/content/hips@l5EnhOCnkN-RKvgrS9ylH.md index 967bc2720..4a3bd13cd 100644 --- a/src/data/roadmaps/cyber-security/content/hips@l5EnhOCnkN-RKvgrS9ylH.md +++ b/src/data/roadmaps/cyber-security/content/hips@l5EnhOCnkN-RKvgrS9ylH.md 
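Review bot: the single sentence retained in the head hunk is a comma splice ("...first few lines of a text file, by default it shows the first 10 lines"); change the comma to a semicolon or start a new sentence at "By default". With the whole Usage and Examples sections removed, the page no longer mentions the `-n` flag, which is the one option an incident responder actually needs; keeping one line such as `head -n 100 /var/log/large-log-file.log` from the deleted block would cost nothing. The `+` side also ends without a trailing newline.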
@@ -1,9 +1,9 @@ -# Host Intrusion Prevention System (HIPS) - -A Host Intrusion Prevention System (HIPS) is a security solution designed to monitor and protect individual host devices, such as servers, workstations, or laptops, from malicious activities and security threats. HIPS actively monitors system activities and can detect, prevent, and respond to unauthorized or anomalous behavior by employing a combination of signature-based, behavior-based, and heuristic detection methods. - -HIPS operates at the host level, providing a last line of defense by securing the individual endpoints within a network. It is capable of preventing a wide range of attacks, including zero-day exploits, malware infections, unauthorized access attempts, and policy violations. - -Visit the following resources to learn more: -- [@article@What is an Intrusion Prevention System?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips) -- [@article@What is Host intrusion prevention system (HIPS)?](https://cyberpedia.reasonlabs.com/EN/host%20intrusion%20prevention%20system%20(hips).html) +# Host Intrusion Prevention System (HIPS) + +A Host Intrusion Prevention System (HIPS) is a security solution designed to monitor and protect individual host devices, such as servers, workstations, or laptops, from malicious activities and security threats. HIPS actively monitors system activities and can detect, prevent, and respond to unauthorized or anomalous behavior by employing a combination of signature-based, behavior-based, and heuristic detection methods. + +HIPS operates at the host level, providing a last line of defense by securing the individual endpoints within a network. It is capable of preventing a wide range of attacks, including zero-day exploits, malware infections, unauthorized access attempts, and policy violations. 
+ +Visit the following resources to learn more: +- [@article@What is an Intrusion Prevention System?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips) +- [@article@What is Host intrusion prevention system (HIPS)?](https://cyberpedia.reasonlabs.com/EN/host%20intrusion%20prevention%20system%20(hips).html) diff --git a/src/data/roadmaps/cyber-security/content/honeypots@bj5YX8zhlam0yoNckL8e4.md b/src/data/roadmaps/cyber-security/content/honeypots@bj5YX8zhlam0yoNckL8e4.md index 5520084cc..b0feb903c 100644 --- a/src/data/roadmaps/cyber-security/content/honeypots@bj5YX8zhlam0yoNckL8e4.md +++ b/src/data/roadmaps/cyber-security/content/honeypots@bj5YX8zhlam0yoNckL8e4.md 
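Review bot: the hips hunk removes and re-adds every line with identical text, which normally indicates a line-ending or trailing-whitespace change (for example CRLF to LF) rather than a content edit; confirm that is intended and, if not, drop the file from the commit so the diff shows only real changes. If the normalisation is intended, it would be a good moment to align the file with the others in this commit, which use "Learn more from the following resources:" followed by a blank line before the list, whereas this file has "Visit the following resources to learn more:" with the list items directly underneath.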
@@ -1,35 +1,8 @@ # Honeypots -A **honeypot** is a security measure that is designed to lure and trap potential cyber attackers, usually by posing as a vulnerable system or network. Honeypots can be a valuable tool in understanding the various tactics used by malicious actors, which allows security professionals to develop better strategies for defending against these attacks. In this section, we will explore the different types of honeypots, their uses, and some important considerations when implementing them. +Honeypots are decoy systems or networks designed to attract and detect unauthorized access attempts by cybercriminals. These intentionally vulnerable resources mimic legitimate targets, allowing security professionals to study attack techniques, gather threat intelligence, and divert attackers from actual critical systems. Honeypots can range from low-interaction systems that simulate basic services to high-interaction ones that replicate entire network environments. They serve multiple purposes in cybersecurity: early warning systems for detecting new attack vectors, research tools for understanding attacker behavior, and diversions to waste hackers' time and resources. However, deploying honeypots requires careful consideration, as they can potentially introduce risks if not properly isolated from production environments. Advanced honeypots may incorporate machine learning to adapt to evolving threats and provide more convincing decoys. While honeypots are powerful tools for proactive defense, they should be part of a comprehensive security strategy rather than a standalone solution. -## Types of Honeypots +Learn more from the following resources: -There are several different types of honeypots that can be implemented, each with unique features and capabilities. Some common types include: - -- **Low-Interaction Honeypots**: These honeypots simulate a limited set of services or vulnerabilities to lure attackers. 
They require minimal resources and are easier to set up than other types of honeypots. They are often used to gather basic information about attacker behavior and techniques. - -- **High-Interaction Honeypots**: These honeypots simulate a complete and realistic environment, often running full operating systems and services. They are resource-intensive but provide a more in-depth understanding of attacker behavior and can be used to identify more sophisticated threats. - -- **Research Honeypots**: These honeypots are designed specifically for the purpose of collecting detailed information about attacker methods and motives for further analysis. They often require advanced knowledge and resources to maintain but provide valuable intelligence. - -## Uses of Honeypots - -Honeypots have several uses in the cybersecurity landscape: - -- **Identify new threats**: Honeypots can help security professionals identify new attack methods, malware, or other threats before they affect real systems. - -- **Distract attackers**: By presenting a seemingly vulnerable target, honeypots can divert attackers' attention from actual critical systems, thus providing an additional layer of security. - -- **Collect attack data**: By carefully monitoring interactions with honeypots, security professionals can gather valuable information on attacker behavior, tactics, and techniques, further improving cyber defense strategies. - -## Important Considerations - -While honeypots can be powerful tools in a security professional's arsenal, there are some important factors to consider: - -- **Ethics and legality**: It's crucial to ensure that all honeypot activities are conducted ethically and within the boundaries of the law. In some jurisdictions, certain activities surrounding honeypots (such as trapping attackers) may be illegal or require specific permissions. 
- -- **Risk of compromise**: Honeypots can add another attack surface, which can be exploited by attackers if not adequately secured or maintained. If an attacker determines that a system is a honeypot, they may decide to attack the network further or launch more targeted attacks. - -- **Maintenance and resources**: Developing and maintaining honeypots can be resource-intensive, requiring dedicated systems or virtual machines, expertise in system administration, and ongoing monitoring. - -It's important to carefully weigh the benefits and risks of implementing honeypots and ensure they are used responsibly and strategically within your cybersecurity plan. +- [@video@What is a Honeypot?](https://www.youtube.com/watch?v=FtR9sFJlkSA) +- [@article@How Honeypots help security](https://www.kaspersky.com/resource-center/threats/what-is-a-honeypot) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/host-based-firewall@jWl1VWkZn3n1G2eHq6EnX.md b/src/data/roadmaps/cyber-security/content/host-based-firewall@jWl1VWkZn3n1G2eHq6EnX.md index e69de29bb..cfdbc38f5 100644 --- a/src/data/roadmaps/cyber-security/content/host-based-firewall@jWl1VWkZn3n1G2eHq6EnX.md +++ b/src/data/roadmaps/cyber-security/content/host-based-firewall@jWl1VWkZn3n1G2eHq6EnX.md 
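Review bot: the honeypots hunk drops the "Ethics and legality" consideration entirely; the new paragraph keeps only the isolation risk ("can potentially introduce risks if not properly isolated from production environments"). Whether a honeypot may capture and retain attacker data is a jurisdiction-dependent question anyone deploying one needs to be told about, so keep one sentence, e.g. "Check the legal constraints in your jurisdiction before deploying one." The sentence "Advanced honeypots may incorporate machine learning to adapt to evolving threats and provide more convincing decoys" is backed by nothing in the hunk or in the titles of the two linked resources and reads as filler; cut it or cite a source.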
@@ -0,0 +1,8 @@ +# Host-based Firewall + +A host-based firewall is a software application that runs directly on individual devices, such as computers, servers, or mobile devices, to control network traffic to and from that specific host. It acts as a security barrier, monitoring and filtering incoming and outgoing network connections based on predefined rules. Host-based firewalls provide an additional layer of protection beyond network firewalls, allowing for more granular control over each device's network activities. They can block unauthorized access attempts, prevent malware from communicating with command and control servers, and restrict applications from making unexpected network connections. This approach is particularly valuable in environments with mobile or remote workers, where devices may not always be protected by corporate network firewalls. However, managing host-based firewalls across numerous devices can be challenging, requiring careful policy configuration and regular updates to maintain effective security without impeding legitimate user activities. + +Learn more from the following resources: + +- [@article@What is a host-based firewall?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-host-based-firewall) +- [@video@Host-based Firewalls](https://www.youtube.com/watch?v=aRHhm980oaE) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/hostos@p7w3C94xjLwSMm5qA8XlL.md b/src/data/roadmaps/cyber-security/content/hostos@p7w3C94xjLwSMm5qA8XlL.md index 8a26425c0..721c3d73b 100644 --- a/src/data/roadmaps/cyber-security/content/hostos@p7w3C94xjLwSMm5qA8XlL.md +++ b/src/data/roadmaps/cyber-security/content/hostos@p7w3C94xjLwSMm5qA8XlL.md 
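Review bot: the new host-based-firewall paragraph claims the firewall can "prevent malware from communicating with command and control servers", which depends on outbound (egress) rules, but the text only says it filters "incoming and outgoing network connections based on predefined rules" and never tells the reader that outbound filtering typically has to be configured explicitly; add a clause to that effect so nobody assumes it is the default behaviour. The file is also added without a trailing newline (`\ No newline at end of file` on the `+` side).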
@@ -1,15 +1,8 @@ -# HostOS +# Host OS -A **Host Operating System (OS)** is the primary operating system installed on a computer that runs directly on the hardware. It serves as the base layer for virtualization, providing resources and an environment for virtual machines (also known as guest operating systems) to operate. +A Host Operating System (Host OS) refers to the primary operating system installed directly on a computer's hardware, managing the physical resources and providing a platform for running applications and, in virtualized environments, supporting virtual machines. In cybersecurity, the Host OS plays a critical role as it forms the foundation of the system's security posture. It's responsible for implementing core security features such as access controls, system hardening, and patch management. The Host OS often runs the hypervisor software in virtualized environments, making its security crucial for protecting all guest operating systems and applications running on top of it. Vulnerabilities in the Host OS can potentially compromise all hosted virtual machines and services. Therefore, securing the Host OS through regular updates, proper configuration, and robust monitoring is essential for maintaining the overall security of both physical and virtualized IT infrastructures. -In virtualization, the host OS allows you to run multiple guest OSs on a single physical hardware system simultaneously, which share resources (such as memory, storage, and CPU) managed by the host OS. +Learn more from the following resources: -Some key points regarding Host OS in virtualization include: - -- _Responsibilities_: The host OS manages hardware resources, including the allocation of those resources to the guest operating systems. It is also responsible for running the virtualization software or hypervisor that creates, manages, and interacts with the virtual machines. 
- -- _Types of Virtualization_: Host OS can be used in two types of virtualization: full virtualization and paravirtualization. In full virtualization, guest operating systems run unmodified, while in paravirtualization, guest operating systems need to be modified to efficiently run on the host OS. - -- _Security Considerations_: Protecting the host OS is crucial since its vulnerability can potentially affect every virtual machine running on the host. To secure the host, ensure that it is regularly updated, uses strong authentication measures, follows strict access controls, and employs network security best practices. - -By understanding host OS and its roles in virtualization, you can better manage your virtual environment and ensure optimal performance and security for your virtual machines. +- [@article@Host Operating System Definition](https://nordvpn.com/cybersecurity/glossary/host-operating-system/) +- [@article@Host vs Guest OS](https://www.datto.com/blog/whats-the-difference-host-vs-guest-os/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/hping@Cclbt4bNfkHwFwZOvJuLK.md b/src/data/roadmaps/cyber-security/content/hping@Cclbt4bNfkHwFwZOvJuLK.md index 94bacc7c5..519ef41d0 100644 --- a/src/data/roadmaps/cyber-security/content/hping@Cclbt4bNfkHwFwZOvJuLK.md +++ b/src/data/roadmaps/cyber-security/content/hping@Cclbt4bNfkHwFwZOvJuLK.md 
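Review bot: the replacement hostos paragraph says "The Host OS often runs the hypervisor software in virtualized environments", but the hypervisor hunk in this same commit defines a Type 1 hypervisor as running "directly on the physical hardware without a host operating system", so the two pages now disagree. Qualify the hostos sentence to hosted hypervisors, e.g. "With a Type 2 (hosted) hypervisor, the Host OS runs the hypervisor software, ...". The removed "Types of Virtualization" bullet (full versus paravirtualization) is the only deleted content not covered by the new text; fine to drop if the roadmap covers it elsewhere, otherwise keep one sentence.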
@@ -2,43 +2,7 @@ hping is a versatile and powerful command-line based packet crafting tool that allows network administrators, security professionals, and system auditors to manipulate and analyze network packets at a granular level. hping can be used to perform stress testing, firewall testing, scanning, and packet generation, among other functionalities. -## Key Features +Learn more from the following resources: -- **Flexible and powerful:** hping supports a wide array of protocols including TCP, UDP, ICMP, and RAW-IP, and can manipulate individual fields within network packets. - -- **Custom packet crafting:** Users can create custom packets to test specific firewall rules, for example by modifying flags, window size, or payload. - -- **Traceroute mode:** hping can perform traceroute-style scans through its specialized mode, enabling users to discover the network path between two systems. - -- **Scripting capability:** hping can be used in conjunction with scripts to automate packet crafting and analysis tasks, making it highly adaptable for diverse network testing use cases. - -## Sample Commands - -Here are some example commands using hping: - -- Perform a traditional ping: - - ``` - hping3 -1 - ``` - -- Perform a SYN flood attack: - - ``` - hping3 --flood -S -p - ``` - -- Perform a traceroute using ICMP packets: - - ``` - hping3 --traceroute -V -1 - ``` - -- Perform a UDP scan of the first 100 ports: - ``` - hping3 --udp -p 1-100 - ``` - -## Summary - -In summary, hping is an invaluable tool for anyone involved in network security, administration, or auditing. Its flexibility and power make it an essential part of any cybersecurity toolkit. By understanding how to use hping effectively, you can gain valuable insights into the behavior of networks, devices, and security mechanisms, leading to a more secure and resilient infrastructure. 
\ No newline at end of file +- [@official@hping source code](https://salsa.debian.org/debian/hping3) +- [@article@What is hping?](https://www.okta.com/uk/identity-101/hping/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/hr@05tH6WhToC615JTFN-TPc.md b/src/data/roadmaps/cyber-security/content/hr@05tH6WhToC615JTFN-TPc.md index e69de29bb..76f329800 100644 --- a/src/data/roadmaps/cyber-security/content/hr@05tH6WhToC615JTFN-TPc.md +++ b/src/data/roadmaps/cyber-security/content/hr@05tH6WhToC615JTFN-TPc.md @@ -0,0 +1,8 @@ +# Human Resources (HR) + +Human Resources (HR) plays a crucial role in an organization's cybersecurity efforts, bridging the gap between people and technology. HR is responsible for developing and implementing policies that promote a security-conscious culture, including acceptable use policies, security awareness training, and insider threat prevention programs. They manage the employee lifecycle, from secure onboarding processes that include background checks and security clearances, to offboarding procedures that ensure proper revocation of access rights. HR collaborates with IT and security teams to define job roles and responsibilities related to data access, helping to enforce the principle of least privilege. They also handle sensitive employee data, making HR systems potential targets for cyber attacks. As such, HR professionals need to be well-versed in data protection regulations and best practices for safeguarding personal information. By fostering a security-minded workforce and aligning human capital management with cybersecurity objectives, HR significantly contributes to an organization's overall security posture. + +Learn more from the following resources: + +- [@article@What is HR?](https://www.investopedia.com/terms/h/humanresources.asp) +- [@article@What does HR actually do?](https://www.lucidchart.com/blog/what-does-hr-do) \ No newline at end of file 
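Review bot: the hping hunk labels `https://salsa.debian.org/debian/hping3` as `@official@ hping source code`, but that URL is Debian's packaging repository for the hping3 package rather than the project's own source; either relabel the entry (the roadmap's other entries use `@article@` for third-party material) or point it at the upstream repository. Removing the "Sample Commands" section is the right call given what it contained, but the retained sentence still advertises "stress testing" as a use case without the context the deleted "Key Features" list gave; consider trimming that phrase or keeping the "Custom packet crafting" bullet about testing firewall rules, which is the defensive use the page should lead with.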
diff --git a/src/data/roadmaps/cyber-security/content/http--https@3Awm221OJHxXNLiL9yxfd.md b/src/data/roadmaps/cyber-security/content/http--https@3Awm221OJHxXNLiL9yxfd.md index 763c5d550..ba8c91a8d 100644 --- a/src/data/roadmaps/cyber-security/content/http--https@3Awm221OJHxXNLiL9yxfd.md +++ b/src/data/roadmaps/cyber-security/content/http--https@3Awm221OJHxXNLiL9yxfd.md 
@@ -1,23 +1,8 @@ # HTTP / HTTPS -HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure) are two important protocols that are crucial for transferring data over the internet. They form the primary means of communication between web servers and clients (browsers). +HTTP (Hypertext Transfer Protocol) and HTTPS (HTTP Secure) are fundamental protocols for web communication. HTTP is the foundation for data exchange on the World Wide Web, allowing browsers to request resources from web servers. However, HTTP transmits data in plain text, making it vulnerable to eavesdropping and man-in-the-middle attacks. HTTPS addresses these security concerns by adding a layer of encryption using SSL/TLS (Secure Sockets Layer/Transport Layer Security). This encryption protects the confidentiality and integrity of data in transit, securing sensitive information such as login credentials and financial transactions. HTTPS also provides authentication, ensuring that users are communicating with the intended website. In recent years, there has been a significant push towards HTTPS adoption across the web, with major browsers marking HTTP sites as "not secure." This shift has greatly enhanced overall web security, though it's important to note that HTTPS secures the connection, not necessarily the content of the website itself. -## HTTP +Learn more from the following resources: -HTTP is an application-layer protocol that allows clients and servers to exchange information, such as web pages, images, and other content. When you visit a website, your browser sends an HTTP request to the server, which then responds with the requested data. This data is then rendered by your browser. - -HTTP operates on a stateless, request-response model. This means that each request is independent of the others, making it a fast and efficient way of transmitting data. - -However, HTTP has one significant drawback — it's not secure. 
Since it's transmitted in plain text, anyone intercepting the traffic can easily read the content of the messages. This makes HTTP unsuitable for sensitive information like passwords or credit card numbers. - -## HTTPS - -To address the security concerns of HTTP, HTTPS was introduced as a secure alternative. HTTPS uses encryption to ensure that data transmitted between the client and server is confidential and cannot be deciphered by a third-party. - -HTTPS uses either SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to encrypt data. These cryptographic protocols provide end-to-end security, ensuring data integrity and authentication. When you visit a website with HTTPS, you can be confident that your information is being securely transmitted. - -To implement HTTPS, websites need to obtain an SSL/TLS certificate from a trusted Certificate Authority (CA). This certificate authenticates the website's identity and helps establish a secure connection between the client and server. - -## In Summary - -When browsing the internet, always look for the padlock icon in the address bar, which indicates a secure HTTPS connection. This helps protect your personal information from being intercepted by attackers. As a website owner or developer, it's crucial to prioritize implementing HTTPS, to provide a secure and trustworthy experience for your users. +- [@article@An overview of HTTP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview) +- [@article@What is HTTPS?](https://www.cloudflare.com/en-gb/learning/ssl/what-is-https/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/hybrid@ywRlTuTfh5-NHnv4ZyW1t.md b/src/data/roadmaps/cyber-security/content/hybrid@ywRlTuTfh5-NHnv4ZyW1t.md index 246023379..535d11983 100644 --- a/src/data/roadmaps/cyber-security/content/hybrid@ywRlTuTfh5-NHnv4ZyW1t.md +++ b/src/data/roadmaps/cyber-security/content/hybrid@ywRlTuTfh5-NHnv4ZyW1t.md 
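Review bot: the new http--https paragraph presents "SSL/TLS (Secure Sockets Layer/Transport Layer Security)" as the encryption layer as though both were current; every SSL version is deprecated and modern HTTPS uses TLS only, so write "TLS (the successor to the now-deprecated SSL)". The same hunk deletes the only mention of certificates from a trusted Certificate Authority, yet the new text still claims HTTPS "provides authentication, ensuring that users are communicating with the intended website" without saying what provides it; add "through a certificate issued by a trusted Certificate Authority" so the authentication claim is grounded.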
@@ -1,27 +1,8 @@ # Hybrid -The hybrid cloud model is a type of cloud computing deployment that combines the features of both private and public cloud models. In this model, organizations can capitalize on the advantages of both models by seamlessly integrating and sharing resources between the two. Below, we delve into the key characteristics, benefits, and challenges associated with the hybrid cloud model. +Hybrid cloud architecture combines elements of both public and private cloud environments, allowing organizations to leverage the benefits of each while maintaining flexibility and control. This model enables businesses to keep sensitive data and critical applications in a private cloud or on-premises infrastructure while utilizing public cloud resources for less sensitive operations or to handle peak demand. From a cybersecurity perspective, hybrid clouds present unique challenges and opportunities. They require careful management of data flow between environments, robust identity and access management across multiple platforms, and consistent security policies. The complexity of hybrid setups can increase the attack surface, necessitating advanced security tools and practices such as cloud access security brokers (CASBs) and multi-factor authentication. However, hybrid clouds also offer advantages like the ability to implement data residency requirements and maintain greater control over critical assets. Effective security in hybrid environments demands a holistic approach, encompassing cloud-native security tools, traditional security measures, and strong governance to ensure seamless protection across all infrastructure components. -## Characteristics +Learn more from the following resources: -- **Integration**: Hybrid cloud environments rely on a strong connection between private and public clouds, allowing for the secure sharing of data and applications. 
- -- **Scalability**: Organizations can easily scale resources up or down depending on their needs, taking advantage of the flexibility offered by the public cloud while maintaining the security of a private cloud. - -- **Cost-Optimization**: Enterprises using the hybrid cloud model can optimize costs by selectively allocating workloads to either public or private cloud environments based on their specific needs. - -## Benefits - -- **Security**: Hybrid clouds offer better security by allowing organizations to store sensitive data in their private cloud while using the public cloud for less-sensitive data and applications. - -- **Greater Flexibility**: By combining public and private clouds, organizations can enjoy more flexibility when managing resources and can react quickly to varying workloads and changing requirements. - -- **Cost Savings**: In a hybrid cloud model, organizations can take advantage of the pay-as-you-go pricing of public clouds, reducing the overall TCO (Total Cost of Ownership) of their IT infrastructure. - -## Challenges - -- **Complex Management**: Managing a hybrid cloud environment can be more complex compared to a single cloud solution, as organizations must carefully balance resources and maintain data consistency/bandwidth between private and public cloud environments. - -- **Security Concerns**: While hybrid clouds offer improved security compared to a purely public cloud solution, organizations must still implement proper security measures and governance policies, such as encryption and access controls, to protect sensitive data. - -Overall, the hybrid cloud model is an effective solution for organizations looking to leverage the best features of both private and public cloud environments to achieve a balance between cost-efficiency, security, and flexibility. 
+- [@video@What is Hybrid cloud?](https://www.youtube.com/watch?v=3kGFBBy3Lyg) +- [@article@What is a Hybrid Cloud?](https://cloud.google.com/learn/what-is-hybrid-cloud) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/hypervisor@CIoLaRv5I3sCr9tBnZHEi.md b/src/data/roadmaps/cyber-security/content/hypervisor@CIoLaRv5I3sCr9tBnZHEi.md index da870aa97..d553e7aac 100644 --- a/src/data/roadmaps/cyber-security/content/hypervisor@CIoLaRv5I3sCr9tBnZHEi.md +++ b/src/data/roadmaps/cyber-security/content/hypervisor@CIoLaRv5I3sCr9tBnZHEi.md 
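Review bot: the replacement hybrid paragraph is a single block of roughly 200 words; split it at "From a cybersecurity perspective" so the deployment-model description and the security discussion are separate paragraphs, matching the multi-paragraph shape the hypervisor hunk below uses. The deleted "Security Concerns" bullet named encryption and access controls as concrete measures, whereas the new text only names "cloud access security brokers (CASBs) and multi-factor authentication"; keep encryption of data in transit between the two environments in the list, since the paragraph itself calls out "careful management of data flow between environments" without saying how to protect it.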
@@ -1,29 +1,14 @@ # Hypervisor -A **hypervisor** is a software component that plays a vital role in virtualization technology. It enables multiple operating systems to run simultaneously on a single physical host. In the context of cybersecurity, using a hypervisor allows users to create and manage multiple isolated virtual environments, commonly known as **virtual machines (VMs)**, which can help protect sensitive data and applications from threats. +A hypervisor, also known as a virtual machine monitor (VMM), is software or firmware that enables the creation and management of virtual machines (VMs) by abstracting the underlying hardware. It allows multiple VMs to run on a single physical machine, each operating independently with its own operating system and applications. Hypervisors facilitate better resource utilization by allowing a physical server to host several virtual environments, optimizing hardware efficiency. -There are two primary types of hypervisors: +There are two types of hypervisors: +- **Type 1 hypervisor**, or bare-metal hypervisor, runs directly on the physical hardware without a host operating system. It provides better performance and is commonly used in enterprise environments. Examples include VMware ESXi and Microsoft Hyper-V. +- **Type 2 hypervisor** runs on top of an existing operating system, relying on the host OS for resource management. These are typically used for personal or development purposes, with examples like VMware Workstation and Oracle VirtualBox. -- **Type 1 hypervisors** (_Bare-metal Hypervisors_) - These hypervisors run directly on the host's hardware, without the need for an underlying operating system, offering better performance and security. Examples of type 1 hypervisors include VMware ESXi, Microsoft Hyper-V, and Xen. +Hypervisors are fundamental in cloud computing, virtualization, and server consolidation, allowing for flexible and efficient resource management and isolation between virtual environments. 
-- **Type 2 hypervisors** (_Hosted Hypervisors_) - These hypervisors run as an application on an existing operating system, which makes them less performant and potentially less secure. However, they are generally easier to set up and manage. Examples of type 2 hypervisors include Oracle VirtualBox, VMware Workstation, and Parallels Desktop. +Learn more from the following resources: -## Benefits of using a Hypervisor - -Utilizing a hypervisor in your cybersecurity strategy can provide several benefits, such as: - -- **Isolation:** Each VM operates in a separate environment, decreasing the chance that a security breach on one VM will affect the others. -- **Flexibility:** VMs can be easily created, modified, or destroyed, allowing for easy management and reduced downtime. -- **Resource Management:** Hypervisors can effectively manage resources among the various VMs, ensuring that no single VM monopolizes the available resources. -- **Snapshotting:** Hypervisors can create snapshots of a VM's state, allowing for easy recovery and rollback in case of a security incident or system failure. - -## Hypervisor Security Considerations - -Though hypervisors can enhance your cybersecurity posture, it's essential to be aware of potential security risks and best practices. Some security considerations include: - -- **Secure configuration and patch management:** Ensure that the hypervisor is configured securely, and patches are applied promptly to protect against known vulnerabilities. -- **Limiting hypervisor access:** Restrict access to the hypervisor by allowing only authorized users and implementing strong authentication and access controls. -- **Monitoring:** Implement continuous monitoring and logging mechanisms to detect and respond to potential security threats in the virtual environment. 
-- **Network Segmentation:** Isolate sensitive VMs on separate networks or virtual LANs (VLANs) to minimize the risk of unauthorized access or lateral movement within the virtualized environment. - -In conclusion, a hypervisor is a powerful tool in cybersecurity and virtualization. By understanding its types, benefits, and security considerations, you can make informed decisions on how to best leverage hypervisor technology to protect your digital assets. +- [@article@What is a hypervisor?](https://www.redhat.com/en/topics/virtualization/what-is-a-hypervisor) +- [@video@What is a Hypervisor?](https://www.youtube.com/watch?v=LMAEbB2a50M) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/iaas@1nPifNUm-udLChIqLC_uK.md b/src/data/roadmaps/cyber-security/content/iaas@1nPifNUm-udLChIqLC_uK.md index 7c494b496..6e8a585bc 100644 --- a/src/data/roadmaps/cyber-security/content/iaas@1nPifNUm-udLChIqLC_uK.md +++ b/src/data/roadmaps/cyber-security/content/iaas@1nPifNUm-udLChIqLC_uK.md 
@@ -2,52 +2,7 @@ Infrastructure as a Service (IaaS) is a type of cloud computing service that offers virtualized computing resources over the internet. Essentially, it enables you to rent IT infrastructure—such as virtual machines (VMs), storage, and networking—on a pay-as-you-go basis instead of buying and maintaining your own physical hardware. -## Key Features +Learn more from the following resources: -IaaS provides a wide range of services and resources, including: - -- **Scalable Virtual Machines**: Quickly provision and scale virtual machines based on your requirements, with various configurations for CPU cores, RAM, and storage. - -- **Managed Storage**: Access various storage options such as block storage, object storage, and file storage to suit your application and data needs. - -- **Flexible Networking**: Create virtual networks, configure subnets, manage IPs, and set up VPNs to connect your cloud environments. - -- **Security**: Implement security measures like firewalls, access control policies, and encryption to protect your infrastructure and data. - -- **Automation & Integration**: Utilize APIs and other tools to automate tasks and integrate with third-party services. - -## Benefits - -Using IaaS offers several advantages, such as: - -- **Cost Efficiency**: Eliminate the need to invest in and maintain physical hardware, while only paying for the resources you actually use. - -- **Scalability & Flexibility**: Rapidly adjust and scale your resources to meet changing demand, without the constraints of limited physical hardware capacity. - -- **Faster Deployment**: Deploy and configure your infrastructure much faster compared to setting up traditional hardware. - -- **Reliability**: Leverage the redundancy and reliability of the cloud provider's infrastructure to ensure high availability and minimize downtime. 
- -- **Focus on Core Business**: Free up time and resources that would have been spent on managing and maintaining infrastructure, allowing you to focus on your core business operations. - -## Use Cases - -IaaS is a popular solution for various scenarios, including: - -- **Web Apps**: Host and scale web applications, ensuring they can handle sudden traffic spikes or expanding user bases. - -- **Development & Testing**: Quickly set up testing and development environments to iterate and validate new features. - -- **Data Storage & Backup**: Store large volumes of data, from business-critical databases to offsite backups. - -- **Big Data & Analytics**: Process and analyze large data sets with high-performance computing clusters, without the need to invest in specialized hardware. - -## Popular IaaS Providers - -There are several IaaS providers in the market, some of the most popular include: - -- Amazon Web Services (AWS) -- Microsoft Azure -- Google Cloud Platform (GCP) - -Each provider offers a range of services and tools that cater to different needs and requirements. It's essential to evaluate the features, cost structure, and support offered by each platform to make the most suitable choice for your organization. +- [@video@IaaS Explained](https://www.youtube.com/watch?v=XRdmfo4M_YA) +- [@article@What is IaaS?](https://azure.microsoft.com/en-gb/resources/cloud-computing-dictionary/what-is-iaas) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/icloud@E7yfALgu9E2auOYDOTmex.md b/src/data/roadmaps/cyber-security/content/icloud@E7yfALgu9E2auOYDOTmex.md index b8bfc9540..50bf40a73 100644 --- a/src/data/roadmaps/cyber-security/content/icloud@E7yfALgu9E2auOYDOTmex.md +++ b/src/data/roadmaps/cyber-security/content/icloud@E7yfALgu9E2auOYDOTmex.md 
@@ -2,30 +2,6 @@ iCloud is a cloud storage and cloud computing service provided by Apple Inc. It allows users to store data, such as documents, photos, and music, on remote servers and synchronize them across their Apple devices, including iPhones, iPads, and MacBooks. -## Features and Benefits +Learn more from the following resources: -iCloud offers a range of features and benefits that enhance the user experience and improve security. Here are some key aspects of the service: - -- **iCloud Storage**: Users are provided with 5 GB of free storage space on iCloud, and they can upgrade to higher plans (50 GB, 200 GB, or 2 TB) for an additional cost. This storage can be used for documents, photos, videos, backups, and app data. - -- **iCloud Backup**: iCloud automatically backs up essential data from iOS devices when they are connected to Wi-Fi and charging. This includes app data, device settings, messages, and much more. In case of device loss or replacement, users can restore the backup to the new device. - -- **iCloud Photos**: This feature allows users to automatically upload and store their photos and videos on iCloud, making them accessible across all their devices. iCloud also syncs edits, deletions, and album organization, ensuring that the photo library stays updated across all devices. - -- **Find My**: This service helps users locate their lost Apple devices using their iCloud account on another device. It also offers features like remote device lock and erase, ensuring that user data remains secure even if the device cannot be recovered. - -- **iCloud Drive**: Users can store documents and files of various types in iCloud Drive, making them accessible from all devices. This feature is built into the Mac Finder and can also be accessed via the Files app on iOS devices or the iCloud website. - -- **App-specific Data Sync**: Many apps can make use of iCloud to sync their data across devices. 
This enables a seamless experience, ensuring that users can pick up where they left off regardless of the device they are using. - -## Security - -Apple takes the security of iCloud very seriously and has implemented multiple layers of protection to keep user data safe. Some of these measures include: - -- **Encryption**: Data stored on iCloud is encrypted during transit and on the server. Photos, documents, and other data are secured using a minimum of 128-bit AES encryption. -- **Two-Factor Authentication (2FA)**: Users can enable 2FA for their Apple ID to add an extra layer of security. This requires an additional verification step (such as entering a code received on a trusted device) when signing into iCloud or any Apple service. -- **Secure Tokens**: Apple uses secure tokens for authentication, which means that your iCloud password is not stored on your devices or on Apple's servers. - -Overall, iCloud is a convenient and secure way for Apple device users to store and synchronize their data across devices. This cloud-based service offers numerous features to ensure seamless access and enhanced protection for user data. - -- [@article@All about iCloud](https://www.intego.com/mac-security-blog/everything-you-can-do-with-icloud-the-complete-guide/) \ No newline at end of file +- [@official@iCloud Website](https://www.icloud.com/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/icloud@Wqy6ki13hP5c0VhGYEhHj.md b/src/data/roadmaps/cyber-security/content/icloud@Wqy6ki13hP5c0VhGYEhHj.md index 28a8631e2..50bf40a73 100644 --- a/src/data/roadmaps/cyber-security/content/icloud@Wqy6ki13hP5c0VhGYEhHj.md +++ b/src/data/roadmaps/cyber-security/content/icloud@Wqy6ki13hP5c0VhGYEhHj.md 
@@ -1,26 +1,7 @@ # iCloud -[iCloud](https://www.icloud.com/) is a cloud storage service offered by Apple Inc. that provides secure and seamless storage, backup, and synchronization of data across all of your Apple devices. It allows you to store documents, photos, music, contacts, calendars, and more, enabling you to access this information from your iPhone, iPad, iPod touch, Mac, or PC. +iCloud is a cloud storage and cloud computing service provided by Apple Inc. It allows users to store data, such as documents, photos, and music, on remote servers and synchronize them across their Apple devices, including iPhones, iPads, and MacBooks. -## Key Features +Learn more from the following resources: -- **iCloud Drive**: A secure space in the cloud where you can store your files and access them from any compatible device. You can also share files or entire folders with others. -- **Photos**: Automatically stores and organizes all your photos and videos in iCloud. You can access them from any of your devices and even create shared photo albums for specific moments or events. -- **Backup**: iCloud automatically backs up your iOS and iPadOS devices daily, ensuring that your data is safe and up-to-date. If you ever need to restore a device, iCloud Backup can help you get your data back quickly and easily. -- **Find My**: This feature helps you locate your lost or stolen Apple devices by displaying their location on a map. Additionally, it allows you to remotely lock, erase, or play a sound on your lost device to protect your data. -- **iCloud Keychain**: Securely stores and syncs your passwords and credit card information across all your Apple devices. It helps you generate strong passwords and autofill them when needed, making your online experience simple and more secure. -- **Family Sharing**: Allows you to share various Apple services, like iCloud storage, Apple Music, and App Store purchases, with up to five family members. 
It also includes a shared family calendar and photo album. - -## Pricing and Storage Plans - -iCloud offers 5 GB of free storage. However, if you need more space, you can choose from the following paid storage plans: - -- 50 GB for $0.99 per month -- 200 GB for $2.99 per month -- 2 TB for $9.99 per month - -Pricing may vary based on your location. - -To manage and upgrade your storage plan, go to the Settings app on your iOS or iPadOS device, then tap on your name, and then select iCloud. On a Mac, open System Preferences, click on Apple ID, and then select iCloud. - -In summary, iCloud is a convenient and secure cloud storage solution that allows you to effortlessly store and access your data across all of your Apple devices. With its wide range of features, like iCloud Drive, Photos, Backup, and Find My, iCloud helps you stay connected and protect your valuable information. +- [@official@iCloud Website](https://www.icloud.com/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/identification@XsRoldaBXUSiGbvY1TjQd.md b/src/data/roadmaps/cyber-security/content/identification@XsRoldaBXUSiGbvY1TjQd.md index dde32dd24..756e02161 100644 --- a/src/data/roadmaps/cyber-security/content/identification@XsRoldaBXUSiGbvY1TjQd.md +++ b/src/data/roadmaps/cyber-security/content/identification@XsRoldaBXUSiGbvY1TjQd.md 
@@ -1,29 +1,8 @@ # Identification -The _Identification_ step in the incident response process is the initial phase where an organization detects and confirms that a security incident has occurred. As the cornerstone of effective incident response, it is crucial to identify potential threats as quickly as possible. In this section, we will explore various aspects of the identification phase and discuss how to effectively recognize security incidents. +Identification refers to the process of detecting and recognizing that a security breach or anomalous activity has occurred within a network or system. This is the initial step in the incident response process, where security tools, monitoring systems, or alert mechanisms, such as Intrusion Detection Systems (IDS), log analysis, or user reports, indicate potential malicious activity. Effective identification is critical as it determines the subsequent steps in addressing the incident, such as containment, eradication, and recovery. Prompt and accurate identification helps minimize the impact of the incident, reducing downtime, data loss, and the overall damage to the organization. -## Key Elements of Identification +Learn more from the following resources: -- **Monitoring:** Implement robust monitoring systems, which include security information and event management (SIEM) solutions, intrusion detection systems (IDS), antivirus software, and firewalls, to consistently track and scrutinize IT environment activities. - -- **Alerts and Indicators:** Establish clear and meaningful alerts and indicators of compromise (IoCs) to quickly identify and respond to anomalous behavior or potential threats. - -- **Threat Intelligence:** Leverage threat intelligence from various sources, such as reputable security vendors, industry partners, and government agencies, to stay informed about emerging threats and vulnerabilities. 
- -- **Incident Triage:** Implement an incident triage process, which includes the evaluation of potential incidents and the categorization of real incidents based on their severity, to ensure timely and efficient allocation of resources. - -- **User Reporting Mechanisms:** Encourage employees to report suspicions of cyber incidents and educate them on their role in recognizing abnormal activity. Setting up a reporting mechanism such as a dedicated email address or hotline can facilitate this. - -## Identifying Security Incidents - -Detecting cyber incidents is an ongoing process which requires continuous refinement and improvement. Begin by focusing on early detection and quick containment, as incidents tend to become costlier the longer they remain undetected. - -Some key aspects to keep in mind when identifying security incidents are: - -- **Analyze and prioritize alerts:** Use a risk-based approach to prioritize incidents according to their potential impact on the organization's critical infrastructure, sensitive data, and business continuity. - -- **Leverage analytics:** Use advanced analytics and machine learning tools to detect anomalous behavior and identify advanced attacks that could bypass traditional signature-based detection solutions. - -- **Regularly review and update detection tools:** Keep detection tools up to date and ensure they are properly calibrated to minimize false positives and negatives. - -As the author of this guide, I suggest you invest time and resources into developing a solid identification process. By putting in place effective detection measures, you are building the foundation for a successful incident response capability, empowering your organization to respond efficiently to cyber threats and minimize potential damages. 
+- [@article@How to identify Cybersecurity vulnerabilities](https://fieldeffect.com/blog/how-to-identify-cybersecurity-vulnerabilities) +- [@article@What is an Intrusion Detection System](https://www.ibm.com/topics/intrusion-detection-system) diff --git a/src/data/roadmaps/cyber-security/content/infrared@KsZ63c3KQLLn373c5CZnp.md b/src/data/roadmaps/cyber-security/content/infrared@KsZ63c3KQLLn373c5CZnp.md index 530f8bf4b..0e23eaf2d 100644 --- a/src/data/roadmaps/cyber-security/content/infrared@KsZ63c3KQLLn373c5CZnp.md +++ b/src/data/roadmaps/cyber-security/content/infrared@KsZ63c3KQLLn373c5CZnp.md 
@@ -1,27 +1,8 @@ # Infrared -Infrared (IR) is a type of wireless communication technology that utilizes light waves in the electromagnetic spectrum to transmit data between devices. Infrared connections are widely used in short-range communication, commonly found in devices like remote controls, wireless keyboards and mice, and computer-to-printer communication. Let's take a closer look at the features of infrared connectivity: +Infrared (IR) is a type of wireless communication technology that utilizes light waves in the electromagnetic spectrum to transmit data between devices. Infrared connections are widely used in short-range communication, commonly found in devices like remote controls, wireless keyboards and mice, and computer-to-printer communication. -## Advantages of Infrared Connections +Learn more from the following resources: -- **Privacy:** Since IR signals don't penetrate walls, there's less chance of interference or eavesdropping from neighboring devices. -- **Ease of setup:** Infrared devices often require minimal setup, making them easy to use and hassle-free. -- **Low power consumption:** Infrared connections typically consume little power, which is suitable for battery-operated devices. - -## Disadvantages of Infrared Connections - -- **Limited range:** Infrared transmissions have a short range, usually up to only a few meters. -- **Line-of-sight transmission:** The signal gets blocked if objects are in the way between the sender and the receiver, as IR uses line-of-sight transmission. -- **Slower data transfer rates:** Infrared connections have slower data transfer rates compared to other wireless technologies like Wi-Fi or Bluetooth. - -## Infrared Security Considerations - -While infrared connections are generally secure due to their limited range and inability to penetrate walls, they are still susceptible to attacks. An attacker with direct access to the transmission path can intercept, modify or inject data into the communication. 
- -To maintain security in infrared connections, consider the following precautions: - -- **Encryption:** Use encryption methods to protect sensitive data transmitted over infrared connections. -- **Authentication:** Implement authentication mechanisms that confirm the identities of devices before allowing access. -- **Physical security:** Ensure that devices using infrared communication are located in secure areas, limiting the possibility of tampering or eavesdropping. - -In summary, infrared is a useful technology for short-range communication purposes with certain benefits, such as privacy and low power consumption. However, it also has limitations and security considerations that must be addressed. +- [@article@Infrared Definition](https://nordvpn.com/cybersecurity/glossary/infrared/?srsltid=AfmBOop7r5E41gRA5itc1NmwrS9qpjfiFnW6UKBwVLuu_MifaKdLHoTe) +- [@article@Infrared](https://www.larksuite.com/en_us/topics/cybersecurity-glossary/infrared) diff --git a/src/data/roadmaps/cyber-security/content/installation-and-configuration@02aaEP9E5tlefeGBxf_Rj.md b/src/data/roadmaps/cyber-security/content/installation-and-configuration@02aaEP9E5tlefeGBxf_Rj.md index 183630014..7cf3a837b 100644 --- a/src/data/roadmaps/cyber-security/content/installation-and-configuration@02aaEP9E5tlefeGBxf_Rj.md +++ b/src/data/roadmaps/cyber-security/content/installation-and-configuration@02aaEP9E5tlefeGBxf_Rj.md 
@@ -32,4 +32,5 @@ While software configurations will vary depending on the specific application or - **Disable Unnecessary Services**: Disable any unused or unnecessary services on your systems. Unnecessary services can contribute to an increased attack surface and potential vulnerabilities. -By following these guidelines, you can establish a robust foundation for system security through proper installation and configuration. Remember that maintaining strong cybersecurity is an ongoing process that requires continuous learning and adaptation to stay ahead of evolving threats. \ No newline at end of file +Learn more from the following resources + diff --git a/src/data/roadmaps/cyber-security/content/ip@FdoqB2---uDAyz6xZjk_u.md b/src/data/roadmaps/cyber-security/content/ip@FdoqB2---uDAyz6xZjk_u.md index ac3bd7354..12ab855af 100644 --- a/src/data/roadmaps/cyber-security/content/ip@FdoqB2---uDAyz6xZjk_u.md +++ b/src/data/roadmaps/cyber-security/content/ip@FdoqB2---uDAyz6xZjk_u.md 
@@ -2,37 +2,9 @@ IP, or Internet Protocol, is a fundamental concept in cybersecurity that refers to the way data is transferred across networks, specifically the internet. It is a core component of the internet's architecture and serves as the primary building block for communication between devices connected to the network. -## IP Address - An IP address is a unique identifier assigned to each device connected to a network, like a computer or smartphone. It comprises a series of numbers separated by dots (e.g., 192.168.1.1). IP addresses can be either IPv4 (32-bit) or the newer IPv6 (128-bit) format, which provides more available addresses. They allow devices to send and receive data packets to and from other devices on the internet. -## IP Routing - -IP routing is the process of directing data packets from one IP address to another via routers. These routers help find the most efficient path for the data to take as it travels across networks, ensuring that communication is fast and reliable. - -## IP Protocols - -Two main IP protocols exist for transferring data over the internet: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Each protocol has its own unique characteristics and use cases. - -- **TCP**: Designed to ensure error-free, in-order transmission of data packets, TCP is used for applications where reliability is more important than speed, such as file transfers, email, and web browsing. -- **UDP**: A faster, connectionless protocol that doesn't guarantee the order or integrity of data packets, making it suitable for real-time applications like video streaming and online gaming. - -## IP Security Risks - -IP-based attacks can disrupt communication between devices and even result in unauthorized access to sensitive data. Such attacks include: - -- **IP Spoofing**: Manipulating an IP address to disguise the source of traffic or impersonate another device on the network. 
-- **DDoS Attacks**: Overwhelming a target IP address or network with a massive amount of traffic, making services unavailable to users. -- **Man-in-the-Middle Attacks**: Interceptors intercept and potentially modify data in transit between two IP addresses, enabling eavesdropping, data theft, or message alteration. - -## IP Security Best Practices - -To safeguard against IP-based threats, consider implementing the following cybersecurity best practices: - -- Deploy firewalls to filter out malicious traffic and block unauthorized access. -- Use VPNs to encrypt data in transit and hide your IP address from potential attackers. -- Regularly update network devices and software to patch vulnerabilities. -- Employ intrusion detection and prevention systems (IDPS) to monitor and counter threats. -- Educate users about safe internet habits and the importance of strong, unique passwords. +Learn more from the following resources: -Understanding IP and its associated security risks is crucial in ensuring the safe and efficient transfer of data across networks. By following best practices, you can help protect your network and devices from potential cyber threats. \ No newline at end of file +- [@article@What is an IP address and what does it mean?](https://www.kaspersky.com/resource-center/definitions/what-is-an-ip-address) +- [@video@Whats an IP address?](https://www.youtube.com/watch?v=6is6Gulh7qE) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/ipam@hN8p5YBcSaPm-byQUIz8L.md b/src/data/roadmaps/cyber-security/content/ipam@hN8p5YBcSaPm-byQUIz8L.md index cfe667b52..4d0aedbd8 100644 --- a/src/data/roadmaps/cyber-security/content/ipam@hN8p5YBcSaPm-byQUIz8L.md +++ b/src/data/roadmaps/cyber-security/content/ipam@hN8p5YBcSaPm-byQUIz8L.md 
@@ -2,20 +2,7 @@ IP Address Management (IPAM) is a critical aspect of cyber security, as it helps organizations efficiently manage and track their IP addresses, DNS, and DHCP services. In any network, devices like servers, routers, and switches are assigned unique IP addresses, which enables them to communicate with each other. Efficient and secure management of these IP addresses is vital for maintaining network security and prevent unauthorized access. -## Functions of IPAM +Learn more from the following resources: -- **IPv4 and IPv6 address management:** IPAM enables organizations to manage and keep track of their IPv4 and IPv6 addresses. It allows for the allocation, assignment, and control of IP addresses in networks, preventing conflicts and errors. - -- **DNS integration:** A well-organized IPAM system can integrate with DNS services to provide consistent and accurate information about the network. This helps organizations in keeping their DNS records up-to-date and secure. - -- **DHCP integration:** IPAM works hand-in-hand with DHCP services to manage and monitor IP address leases within the network. This ensures that devices are assigned dynamic IP addresses and automatically updated when a lease expires. - -- **Network discovery and auditing:** IPAM enables network discovery, scanning, and auditing to ensure that all connected devices are accounted for and comply with security policies. Regular network discovery can also identify rogue devices or unauthorized access. - -- **Policy compliance:** IPAM can help enforce policies related to IP address assignment and usage within an organization. This may include restrictions on the use of certain types of addresses or preventing specific devices from obtaining an IP address. - -- **Inventory management and allocation:** IPAM allows organizations to maintain an inventory of available IP addresses, subnets, and address pools. 
This streamlines IP allocation processes and ensures that addresses are optimally utilized. - -- **Reporting and analytics:** An IPAM system can provide detailed reports on IP address usage, allocation history, and other statistics. This information can help organizations identify trends, optimize their networks, and improve overall security. - -In conclusion, IPAM plays a vital role in cyber security by enabling organizations to manage and monitor their IP address spaces efficiently. Implementing a comprehensive IPAM solution can help organizations maintain secure and effective network communication, comply with policies, and prevent unauthorized access. \ No newline at end of file +- [@article@What is IPAM?](https://www.infoblox.com/glossary/ipam-ip-address-management/) +- [@article@IP Address Management](https://learn.microsoft.com/en-us/windows-server/networking/technologies/ipam/ipam-top) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/ipconfig@IXNGFF4sOFbQ_aND-ELK0.md b/src/data/roadmaps/cyber-security/content/ipconfig@IXNGFF4sOFbQ_aND-ELK0.md index a5256fcb4..ddb4a10f0 100644 --- a/src/data/roadmaps/cyber-security/content/ipconfig@IXNGFF4sOFbQ_aND-ELK0.md +++ b/src/data/roadmaps/cyber-security/content/ipconfig@IXNGFF4sOFbQ_aND-ELK0.md 
@@ -2,30 +2,7 @@ `ipconfig` is a widely-used command-line utility for Windows operating systems that provides valuable information regarding a computer's network configuration. It can be extremely helpful for incident response and discovery tasks when investigating network-related issues, extracting crucial network details, or when trying to ascertain a machine's IP address. -## How to Use Ipconfig +Learn more from the following resources: -To utilize `ipconfig`, open the Command Prompt (CMD) by pressing Windows Key + R, type `cmd`, and hit Enter. Once the CMD is open, type `ipconfig` and press Enter. The following information will be displayed: - -- **IPv4 Address:** The assigned IP address for the local machine. -- **Subnet Mask:** The mask used to separate the host addresses from the network addresses. -- **Default Gateway:** The IP address of the immediate network gateway that the local machine communicates with. - -## Additional Ipconfig Commands - -`ipconfig` offers supplementary commands that can provide useful information: - -- **ipconfig /all:** Provides detailed information about network configurations, including Host Name, DNS Servers, and DHCP configuration status. -- **ipconfig /renew:** Renews the DHCP lease, giving a new IP address (if possible) from the DHCP server. -- **ipconfig /release:** Releases the assigned IP address, disconnecting the machine from network access. -- **ipconfig /flushdns:** Clears the DNS cache, removing all stored DNS entries. - -## Benefits of Ipconfig for Incident Response and Discovery - -`ipconfig` is an efficient tool for Incident Response (IR) teams and network administrators to troubleshoot and uncover vital network details during a cyber-security event. Some notable benefits include: - -- **Discovering IP Addresses:** Identify the local machine's IP, Gateway, and DNS server addresses, which might be relevant during an investigation, or while assessing network exposure or communication with rogue servers. 
-- **Identifying Configuration Issues:** Uncover misconfigured network settings or discrepancies between IP, DNS, or default gateway addresses, which could be signs of malicious activity. -- **DNS Cache Investigation:** Examine DNS cache entries as evidence of possible communication to malicious domains, or clear the DNS cache to alleviate malware behavior. -- **Troubleshooting Connection Problems:** Validate network connectivity directly, from the local host or with remote hosts through tools like `ping` or `tracert`, utilizing IP addresses from `ipconfig`. - -`Ipconfig` is an essential and user-friendly utility for gathering network configuration details, allowing IT professionals to respond efficiently, ensure security, and maintain the health of their computer systems during investigations or discovery tasks. \ No newline at end of file +- [@article@ipconfig command](https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig) +- [@article@Understanding ipconfig](https://www.whatismyip.com/ipconfig/) diff --git a/src/data/roadmaps/cyber-security/content/ipconfig@u-6xuZUyOrogh1bU4cwER.md b/src/data/roadmaps/cyber-security/content/ipconfig@u-6xuZUyOrogh1bU4cwER.md index fff42db65..ddb4a10f0 100644 --- a/src/data/roadmaps/cyber-security/content/ipconfig@u-6xuZUyOrogh1bU4cwER.md +++ b/src/data/roadmaps/cyber-security/content/ipconfig@u-6xuZUyOrogh1bU4cwER.md 
@@ -1,67 +1,8 @@ # ipconfig -**IPConfig** is a command-line tool that is available on Windows operating systems. It is used to display the current network configuration settings of a computer, such as IP address, subnet mask, and default gateway. This tool helps users diagnose and troubleshoot network connectivity issues by providing essential details about the system's network connections. +`ipconfig` is a widely-used command-line utility for Windows operating systems that provides valuable information regarding a computer's network configuration. It can be extremely helpful for incident response and discovery tasks when investigating network-related issues, extracting crucial network details, or when trying to ascertain a machine's IP address. -## Using IPConfig +Learn more from the following resources: -To use IPConfig, open the Command Prompt or PowerShell and enter the following command: - -``` -ipconfig -``` - -This command will display the network configuration details for all the active network connections on your system. - -## IPConfig Options - -IPConfig has several options that can provide more comprehensive information or perform different tasks, such as: - -- **/all**: This option displays the full configuration data for all the network connections, including DHCP (Dynamic Host Configuration Protocol) server and lease information. - - ``` - ipconfig /all - ``` - -- **/release**: This command releases the IP address obtained from the DHCP server for the specified network adapter or all network adapters if none is specified. - - ``` - ipconfig /release - ``` - -- **/renew**: This command requests a new IP address from the DHCP server for the specified network adapter or all network adapters if none is specified. - - ``` - ipconfig /renew - ``` - -- **/flushdns**: This option clears the DNS (Domain Name System) resolver cache, which stores the recent DNS queries and their corresponding IP addresses. 
- - ``` - ipconfig /flushdns - ``` - -- **/registerdns**: This command refreshes all DHCP leases and re-registers DNS names for your system. - - ``` - ipconfig /registerdns - ``` - -- **/displaydns**: This option displays the contents of the DNS resolver cache, allowing you to view recently resolved domain names and IP addresses. - - ``` - ipconfig /displaydns - ``` - -- **/setclassid**: This command allows you to modify the DHCP class ID for the specified network adapter. - - ``` - ipconfig /setclassid - ``` - -- **/showclassid**: This option displays the DHCP class ID for the specified network adapter. - - ``` - ipconfig /showclassid - ``` - -In conclusion, IPConfig is a powerful and handy tool for managing and troubleshooting network connections on Windows systems. It allows you to view and modify network configuration settings, lease IP addresses, and interact with the DNS resolver cache easily. +- [@article@ipconfig command](https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig) +- [@article@Understanding ipconfig](https://www.whatismyip.com/ipconfig/) diff --git a/src/data/roadmaps/cyber-security/content/ipsec@gNFVtBxSYP5Uw3o3tlJ0M.md b/src/data/roadmaps/cyber-security/content/ipsec@gNFVtBxSYP5Uw3o3tlJ0M.md index 3b04026fc..fd87524c4 100644 --- a/src/data/roadmaps/cyber-security/content/ipsec@gNFVtBxSYP5Uw3o3tlJ0M.md +++ b/src/data/roadmaps/cyber-security/content/ipsec@gNFVtBxSYP5Uw3o3tlJ0M.md 
@@ -3,3 +3,4 @@ IPSec, which stands for Internet Protocol Security, is a suite of protocols used to secure Internet communications by encrypting and authenticating IP packets. It is commonly utilized in Virtual Private Networks (VPNs) to ensure that data transmitted over public networks is not accessible to unauthorized individuals. IPSec operates by encrypting data at the source and decrypting it at the destination, maintaining the confidentiality and integrity of the data while in transit. Additionally, it provides authentication, ensuring that the data is being sent and received by the intended parties. This protocol suite is versatile as it can be used with both IPv4 and IPv6 networks, making it a fundamental component for secure online communication. - [@video@IP Sec VPN Fundamentals](https://www.youtube.com/watch?v=15amNny_kKI) +- [@article@What is IPSec?](https://www.cloudflare.com/en-gb/learning/network-layer/what-is-ipsec/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/iptables@jr8JlyqmN3p7Ol3_kD9AH.md b/src/data/roadmaps/cyber-security/content/iptables@jr8JlyqmN3p7Ol3_kD9AH.md index a7687d779..1fd9212e5 100644 --- a/src/data/roadmaps/cyber-security/content/iptables@jr8JlyqmN3p7Ol3_kD9AH.md +++ b/src/data/roadmaps/cyber-security/content/iptables@jr8JlyqmN3p7Ol3_kD9AH.md 
@@ -1,63 +1,8 @@ # iptables -**IPTables** is a command-line utility for configuring and managing packet filtering rules within the Linux operating system. It allows the system administrator to define and manage the firewall rules that control the incoming and outgoing network traffic. IPTables is an essential tool for securing Linux systems and ensuring proper network traffic flow. +IPTables is a command-line utility for configuring and managing packet filtering rules within the Linux operating system. It allows the system administrator to define and manage the firewall rules that control the incoming and outgoing network traffic. IPTables is an essential tool for securing Linux systems and ensuring proper network traffic flow. -## How IPTables Works +Learn more from the following resources: -IPTables is built upon a framework called _Netfilter_, which is embedded in the Linux kernel. Netfilter provides various operations on packets, such as filtering, modifying, and redirecting. IPTables makes use of these operations by providing a user-friendly interface to define rules based on various criteria like source IP address, destination IP address, protocol, and port numbers. - -IPTables organizes rules into chains, where each chain consists of a list of rules. There are three default chains: INPUT, OUTPUT, and FORWARD. These chains represent the different stages a packet goes through in the network stack: - -- **INPUT**: Applied to incoming packets destined for the local system. -- **OUTPUT**: Applied to outgoing packets originating from the local system. -- **FORWARD**: Applied to packets being routed through the local system. 
- -## Basic IPTables Usage - -To list the current IPTables rules, use the following command: - -``` -iptables -L -``` - -To add a new rule to a specific chain, use the `-A` flag followed by the chain name and the rule details: - -``` -iptables -A INPUT -s 192.168.1.2 -j DROP -``` - -This command adds a rule to the INPUT chain that drops all packets coming from the IP address 192.168.1.2. - -To delete a rule from a specific chain, use the `-D` flag followed by the chain name and the rule number: - -``` -iptables -D INPUT 3 -``` - -This command removes the third rule in the INPUT chain. - -To insert a rule at a specific position in a chain, use the `-I` flag followed by the chain name, rule number, and the rule details: - -``` -iptables -I INPUT 2 -s 192.168.1.3 -j DROP -``` - -This command inserts a rule at position 2 in the INPUT chain that drops all packets coming from the IP address 192.168.1.3. - -## Saving and Restoring IPTables Rules - -By default, IPTables rules are temporary and will be lost upon a system reboot. To save the current rules and make them persistent, use the following command: - -``` -iptables-save > /etc/iptables/rules.v4 -``` - -To restore the rules from a saved file, use the following command: - -``` -iptables-restore < /etc/iptables/rules.v4 -``` - -## Conclusion - -IPTables is a powerful tool for managing packet filtering rules in Linux systems. With proper configuration, it can greatly enhance your system's security and ensure smooth network traffic flow. Understanding IPTables can help you diagnose and resolve network-related issues while providing essential protection from cyber threats. +- [@article@iptables man page](https://linux.die.net/man/8/iptables) +- [@video@iptables complete guide](https://www.youtube.com/watch?v=6Ra17Qpj68c) \ No newline at end of file 
diff --git a/src/data/roadmaps/cyber-security/content/iso@oRssaVG-K-JwlL6TAHhXw.md b/src/data/roadmaps/cyber-security/content/iso@oRssaVG-K-JwlL6TAHhXw.md index 3adf8df86..491ce8307 100644 --- a/src/data/roadmaps/cyber-security/content/iso@oRssaVG-K-JwlL6TAHhXw.md +++ b/src/data/roadmaps/cyber-security/content/iso@oRssaVG-K-JwlL6TAHhXw.md 
@@ -1,29 +1,8 @@ # ISO -The **International Organization for Standardization (ISO)** is an international standard-setting body composed of representatives from various national standards organizations. It promotes worldwide proprietary, industrial, and commercial standards. In the domain of cyber security, there are several important ISO standards that help organizations to protect their sensitive data and to be resilient against cyber threats. In this guide, we will discuss some of the most notable standards related to cyber security: +The International Organization for Standardization (ISO) is an international standard-setting body composed of representatives from various national standards organizations. It promotes worldwide proprietary, industrial, and commercial standards. In the domain of cyber security, there are several important ISO standards that help organizations to protect their sensitive data and to be resilient against cyber threats. -## ISO/IEC 27001 - Information Security Management +Learn more from the following resources: -ISO/IEC 27001 is a globally recognized standard that sets out requirements for an **Information Security Management System (ISMS)**. It provides a systematic approach to manage and secure sensitive data pertaining to an organization. By implementing this standard, organizations can demonstrate their commitment to maintaining the highest level of information security and reassure their customers, partners, and stakeholders. - -Key aspects of ISO/IEC 27001 include: - -- Establishing an information security policy -- Conducting a risk assessment and managing risk -- Implementing appropriate information security controls -- Monitoring and reviewing the effectiveness of the ISMS -- Continuously improving the ISMS - -## ISO/IEC 27032 - Cyber Security - -ISO/IEC 27032 is a guidance on **cybersecurity** that provides a framework for establishing and maintaining a secure cyberspace. 
This standard addresses various aspects such as information privacy, data integrity, and availability in the context of cyber risk. It covers guidelines for information sharing, incident management & coordination, and collaboration among stakeholders in cyberspace. - -## ISO/IEC 27035 - Incident Management - -ISO/IEC 27035 is a standard for **Information Security Incident Management**. It assists organizations in preparing for, identifying, and handling information security incidents. This standard covers the entire lifecycle of an incident from preparedness to lessons learned. By effectively managing incidents, organizations can minimize the adverse impact of incidents and improve their overall security posture. - -## ISO/IEC 27701 - Privacy Information Management - -ISO/IEC 27701 is an extension to ISO/IEC 27001 and ISO/IEC 27002 that provides a framework for managing the **privacy of personal information**. This standard helps organizations to comply with data protection laws and regulations, such as the General Data Protection Regulation (GDPR). Key elements include data minimization, data subject access, data breach notification, and third-party management. - -In conclusion, the ISO has established several robust cyber security standards that organizations can adopt to protect their sensitive data and ensure business continuity. By implementing these standards, you can mitigate risks associated with cyber attacks and ensure the overall security and compliance in your organization. \ No newline at end of file +- [@official@ISO Website](https://www.iso.org/home.html) +- [@article@What is the ISO?](https://www.techtarget.com/searchdatacenter/definition/ISO#:~:text=ISO%20(International%20Organization%20for%20Standardization)%20is%20a%20worldwide,federation%20of%20national%20standards%20bodies.) \ No newline at end of file 
diff --git a/src/data/roadmaps/cyber-security/content/javascript@2SThr6mHpX6rpW-gmsqxG.md b/src/data/roadmaps/cyber-security/content/javascript@2SThr6mHpX6rpW-gmsqxG.md index 70d0a787f..4985a7eaf 100644 --- a/src/data/roadmaps/cyber-security/content/javascript@2SThr6mHpX6rpW-gmsqxG.md +++ b/src/data/roadmaps/cyber-security/content/javascript@2SThr6mHpX6rpW-gmsqxG.md 
@@ -2,45 +2,8 @@ JavaScript (often abbreviated as JS) is a widely-used, high-level programming language. It is predominantly used for creating and enhancing the interactive elements of web pages, making it an integral part of the web development space. JavaScript was initially known as LiveScript and was created by Brendan Eich in 1995, but it later got renamed to JavaScript. -## Features of JavaScript: +Learn more from the following resources: -- **Interpreted Language:** JavaScript does not need to be compiled before it is run which makes it easier to find errors in the code. -- **Object-Oriented Programming:** JavaScript supports object-oriented programming (OOP) concepts, making it easier for developers to work with complex data structures and code. -- **Event-driven:** JavaScript supports event-driven programming, allowing developers to create interactive elements and respond to user actions like clicks and keypress events on the web page. -- **Cross-platform Compatibility:** JavaScript can be run on any browser, platform, or operating system, making it a highly versatile language. - -## JavaScript in Web Development - -JavaScript is an essential part of web development primarily due to its ability to manipulate and interact with HTML and CSS elements on a web page. - -Some common uses for JavaScript in web development: - -- **Form Validation:** Validating user inputs in contact forms, registrations forms, and other user input scenarios. -- **Image Sliders and Galleries:** Creating dynamic image sliders and galleries on websites to enhance user experience. -- **Interactive Maps:** Integrating interactive maps into websites for display or directions. -- **Animation:** Adding animations to elements on a webpage for a more engaging experience. - -## JavaScript Libraries and Frameworks - -JavaScript has many libraries and frameworks to help developers work more efficiently and to attain better results. 
Some popular libraries and frameworks include: - -_jQuery:_ A highly popular JavaScript library that simplifies DOM manipulation, event handling, and animations. - -_React:_ Developed by Facebook, it is a JavaScript library for building interactive user interfaces (UI). - -_Angular:_ A powerful, Google-developed JavaScript framework used for developing dynamic web applications. - -_Vue.js:_ A lightweight, easy-to-learn JavaScript framework for building interactive user interfaces. - -_Node.js:_ A JavaScript runtime environment built on Chrome's V8 JavaScript engine, allowing developers to run JavaScript on the server-side. - -## Learning JavaScript - -Here are some resources to sharpen your JavaScript programming skills: - -- [@article@Mozilla Developer Network (MDN) JavaScript Guide](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide) -- [@article@W3Schools JavaScript Tutorial](https://www.w3schools.com/js/) -- [@article@Eloquent JavaScript: A Modern Introduction to Programming](https://eloquentjavascript.net/) (book) -- [@feed@Explore top posts about JavaScript](https://app.daily.dev/tags/javascript?ref=roadmapsh) - -By mastering JavaScript, you'll be better equipped to build more interactive and dynamic web applications, thus enhancing your overall cyber security skills. +- [@roadmap@JavaScript Roadmap](https://roadmap.sh/javascript) +- [@article@What is JavaScript?](https://developer.mozilla.org/en-US/docs/Learn/JavaScript/First_steps/What_is_JavaScript) +- [@video@100 JavaScript concepts you need to know](https://www.youtube.com/watch?v=lkIFF4maKMU) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/joe-sandbox@h__KxKa0Q74_egY7GOe-L.md b/src/data/roadmaps/cyber-security/content/joe-sandbox@h__KxKa0Q74_egY7GOe-L.md index e69de29bb..b1f6448a4 100644 --- a/src/data/roadmaps/cyber-security/content/joe-sandbox@h__KxKa0Q74_egY7GOe-L.md +++ b/src/data/roadmaps/cyber-security/content/joe-sandbox@h__KxKa0Q74_egY7GOe-L.md 
@@ -0,0 +1,8 @@ +# Joe Sandbox + +Joe Sandbox is an advanced malware analysis platform that allows security professionals to analyze suspicious files, URLs, and documents in a controlled and isolated environment known as a sandbox. This platform provides in-depth behavioral analysis by executing the potentially malicious code in a virtualized environment to observe its actions, such as file modifications, network communications, and registry changes, without risking the integrity of the actual network or systems. Joe Sandbox supports a wide range of file types and can detect and analyze complex, evasive malware that may attempt to avoid detection in less sophisticated environments. The insights generated from Joe Sandbox are crucial for understanding the nature of the threat, aiding in the development of countermeasures, and enhancing overall cybersecurity defenses. + +Learn more from the following resources: + +- [@official@Joe Sandbox Website](https://www.joesandbox.com/#windows) +- [@video@Cybersecurity Sandbox for Security Analysts](https://www.youtube.com/watch?v=FJGmRzY1igY) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/jump-server@UF3BV1sEEOrqh5ilnfM1B.md b/src/data/roadmaps/cyber-security/content/jump-server@UF3BV1sEEOrqh5ilnfM1B.md index 8cfcc1259..1e5441992 100644 --- a/src/data/roadmaps/cyber-security/content/jump-server@UF3BV1sEEOrqh5ilnfM1B.md +++ b/src/data/roadmaps/cyber-security/content/jump-server@UF3BV1sEEOrqh5ilnfM1B.md 
@@ -2,19 +2,7 @@ A **jump server**, also known as a **bastion host** or **jump host**, is a critical security component in many network architectures. It is a dedicated, locked-down, and secure server that sits within a protected network, and provides a controlled access point for users and administrators to access specific components within the system. This intermediate server acts as a bridge between untrusted networks and the internal privileged systems, thereby reducing the attack surface and securing the environment. -## Key Features +Learn more from the following resources: -- **Isolation**: The primary function of the jump server is to provide a level of isolation between the outside world and critical network infrastructure. Users must first authenticate on the jump server before accessing the target systems. -- **Access Control**: Jump servers enforce strict access control policies by allowing only authorized users and administrators to access the privileged systems. -- **Monitoring**: All activities on the jump server are logged and monitored, creating an audit trail for any suspicious activity or attempts at unauthorized access. -- **Patching and Updating**: Jump servers are kept up-to-date with the latest security patches and updates, ensuring that they are resilient to new vulnerabilities and attacks. - -## Best Practices for Implementing a Jump Server - -- **Implement Multi-Factor Authentication (MFA)**: Require multiple forms of authentication to access the jump server. This reduces the risk of unauthorized access through stolen or weak credentials. -- **Restrict User Privileges**: Limit user privileges on the jump server to minimize the potential for unauthorized actions. Users should only be granted the minimum permissions needed to perform their tasks. -- **Harden the Operating System**: Configure the jump server's operating system with security best practices in mind. 
This includes disabling unnecessary services, applying least privilege principles, and regularly updating the system with the latest patches. -- **Employ Network Segmentation**: Deploy the jump server in a separate network segment from the rest of the environment. Implement strong firewall rules and access control lists (ACLs) to control traffic between the segments. -- **Monitor and Audit**: Regularly monitor and review the logs and activity on the jump server to detect and investigate security incidents. Enable security alerts and notifications for suspicious activities. - -In summary, a jump server is a crucial security component that helps protect sensitive network environments by providing isolation, access control, and monitoring. By properly configuring and managing a jump server, organizations can significantly reduce the risk of unauthorized access and potential security breaches. +- [@article@What is a jump server?](https://www.ssh.com/academy/iam/jump-server) +- [@video@What is a bastion host and why is it so important?](https://www.youtube.com/watch?v=pI6glWVEkcY) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/kali-linux@w6wXkoLrv0_d-Ah0txUHd.md b/src/data/roadmaps/cyber-security/content/kali-linux@w6wXkoLrv0_d-Ah0txUHd.md index 6437aa6b3..f41dd7575 100644 --- a/src/data/roadmaps/cyber-security/content/kali-linux@w6wXkoLrv0_d-Ah0txUHd.md +++ b/src/data/roadmaps/cyber-security/content/kali-linux@w6wXkoLrv0_d-Ah0txUHd.md 
@@ -2,8 +2,6 @@ Kali Linux is a specialized Linux distribution that is designed for penetration testing, security auditing, and related information security tasks. Originating from the Debian distribution, Kali Linux is equipped with a vast array of tools that are used for ethical hacking purposes. It is an open-source project that provides users with the means to test the security of systems and networks by simulating attacks in a controlled environment. -## Tools - With over 600 pre-installed penetration-testing programs, Kali Linux offers tools for various security-related tasks, such as network analysis, vulnerability scanning, and forensic analysis. Its development is overseen by Offensive Security, a company known for their contributions to the field of information security. Kali Linux is highly customizable, allowing users to tailor the system to their specific needs, and supports a wide range of hardware platforms. It is a powerful resource for professionals in the cybersecurity field, as well as for those who are passionate about learning and practicing ethical hacking techniques. - [@official@Kali Linux](https://www.kali.org/) diff --git a/src/data/roadmaps/cyber-security/content/kerberos@lG6afUOx3jSQFxbH92otL.md b/src/data/roadmaps/cyber-security/content/kerberos@lG6afUOx3jSQFxbH92otL.md index d652258fd..a2ca2b838 100644 --- a/src/data/roadmaps/cyber-security/content/kerberos@lG6afUOx3jSQFxbH92otL.md +++ b/src/data/roadmaps/cyber-security/content/kerberos@lG6afUOx3jSQFxbH92otL.md 
@@ -2,37 +2,7 @@ Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications. It was developed by MIT in the 1980s and is named after the three-headed dog from Greek mythology that guarded the gates of Hades, symbolizing the protocol's aim to provide secure authentication in a potentially hostile network environment. -## How Kerberos works +Learn more from the following resources: -Kerberos relies on a trusted third party called the Key Distribution Center (KDC). The KDC maintains a database of secret keys for each user and service on the network. The protocol uses symmetric key cryptography, meaning that both the client and the server know the same shared encryption key. - -The main goal of Kerberos is to prove the identity of both the client and the server to each other so that they can securely exchange information. To achieve this, the protocol uses tickets - encrypted messages containing information about the client's identity, the server's identity, and a shared session key. - -Here is a high-level summary of the Kerberos authentication process: - -- The client requests a ticket from the KDC by providing its username. -- The KDC generates a ticket, encrypts it using the client's secret key, and sends it back to the client. -- The client decrypts the ticket and obtains a session key that it will use to securely communicate with the server. -- To access a specific service, the client requests a service ticket from the KDC. The request includes its ticket and the target server's identifier. -- The KDC generates a service ticket, encrypts it using the server's secret key, and sends it back to the client. -- The client sends the service ticket to the server along with a message, encrypted using the session key, to establish its identity. -- The server decrypts the service ticket, extracts the session key, and uses it to decrypt the client's message. 
-- After verifying the client's identity, the server allows access to the requested service and sends an encrypted message to confirm authentication. - -## Benefits of Kerberos - -- **Secure**: Kerberos provides strong authentication using encrypted tickets, making it difficult for attackers to intercept and forge. -- **Centralized**: The KDC centralizes authentication management, making it easier to control and maintain user access. -- **Scalable**: The protocol is designed to support large networks, making it a popular choice for enterprise environments. -- **Interoperable**: Kerberos is an open standard supported by many different platforms and vendors. - -## Limitations - -- **KDC reliance**: The KDC is a single point of failure. If it's compromised or goes offline, authentication on the network will be disrupted. -- **Time-sensitive**: Kerberos is sensitive to time differences between servers and clients. Synchronized clocks are necessary to maintain accurate ticket lifetimes and prevent replay attacks. -- **Complexity**: The protocol can be complex to set up and requires proper management of secret keys. - -In summary, Kerberos is a robust and widely used authentication protocol that helps secure client/server communications. Its centralized management and strong security measures make it an excellent choice for organizations with demanding authentication requirements. However, it also has its limitations and complexities that must be carefully managed to maintain a secure and efficient authentication process. - -- [@video@Kerberos authentication process](https://youtu.be/_44CHD3Vx-0) -- [@feed@Explore top posts about Kerberos](https://app.daily.dev/tags/kerberos?ref=roadmapsh) +- [@video@Kerberos Authentication Explained](https://www.youtube.com/watch?v=5N242XcKAsM) +- [@article@What is Kerberos?](https://www.fortinet.com/resources/cyberglossary/kerberos-authentication) \ No newline at end of file 
diff --git a/src/data/roadmaps/cyber-security/content/key-exchange@rmR6HJqEhHDgX55Xy5BAW.md b/src/data/roadmaps/cyber-security/content/key-exchange@rmR6HJqEhHDgX55Xy5BAW.md index b09a54367..d6ad91dde 100644 --- a/src/data/roadmaps/cyber-security/content/key-exchange@rmR6HJqEhHDgX55Xy5BAW.md +++ b/src/data/roadmaps/cyber-security/content/key-exchange@rmR6HJqEhHDgX55Xy5BAW.md 
@@ -1,43 +1,8 @@ # Key Exchange -Key exchange, also known as key establishment, is a process where two parties establish a shared secret key that can be used to encrypt and decrypt messages between them. This key ensures secure communication, preventing eavesdropping and tampering by third parties. There are various key exchange protocols and algorithms to choose from, and in this section, we will go over some of the most important ones. +Key exchange is a cryptographic process through which two parties securely share encryption keys over a potentially insecure communication channel. This process is fundamental in establishing a secure communication session, such as in SSL/TLS protocols used for internet security. The most widely known key exchange method is the Diffie-Hellman key exchange, where both parties generate a shared secret key, which can then be used for encrypting subsequent communications. Another common method is the RSA key exchange, which uses public-key cryptography to securely exchange keys. The goal of key exchange is to ensure that only the communicating parties can access the shared key, which is then used to encrypt and decrypt messages, thereby protecting the confidentiality and integrity of the transmitted data. -## Symmetric vs Asymmetric Encryption +Learn more from the following resources: -Before diving into key exchange methods, let's briefly differentiate between symmetric and asymmetric encryption: - -- **Symmetric encryption** uses the same key for encryption and decryption. Examples include the Advanced Encryption Standard (AES) and Triple Data Encryption Algorithm (3DES). The main challenge in symmetric encryption is securely sharing the key between the involved parties. - -- **Asymmetric encryption**, also known as public-key cryptography, uses two different keys - a private key and a public key. The private key is kept secret, while the public key is shared freely. 
You can encrypt a message using the recipient's public key, and only the corresponding private key can decrypt it. Examples of asymmetric encryption algorithms include RSA and Elliptic Curve Cryptography (ECC). - -## Diffie-Hellman Key Exchange - -Diffie-Hellman (DH) is a cryptographic protocol that enables two parties to agree on a shared secret key without prior knowledge of each other. The key exchange happens over a public channel and is based on the mathematical properties of modular arithmetic and exponentiation. - -Here's an outline of how the DH protocol works: - -- Both parties agree on a large prime number, `p`, and a base, `g`, which are publicly known and can be used by all users in the network. -- Each party generates a private secret key: Alice generates `a`, and Bob generates `b`. These keys should remain confidential. -- They compute public values: Alice calculates `A = g^a mod p`, and Bob calculates `B = g^b mod p`. Both `A` and `B` are sent over the public channel. -- The shared secret key is calculated using public values: Alice computes `s = B^a mod p`, and Bob computes `s = A^b mod p`. Both calculations result in the same value `s`, which can be used as the shared key for symmetric encryption. - -The security of DH relies on the difficulty of the Discrete Logarithm Problem (DLP). However, DH is susceptible to man-in-the-middle (MITM) attacks, where an attacker can intercept the public key exchange process and provide their public keys instead. - -## Elliptic Curve Diffie-Hellman (ECDH) - -Elliptic Curve Diffie-Hellman (ECDH) is a variant of the DH protocol that uses elliptic curve cryptography instead of modular arithmetic. ECDH provides similar security to DH but with shorter key lengths, which results in faster computations and reduced resource consumption. - -ECDH works similarly to the standard DH protocol, but with elliptic curve operations: - -- Both parties agree on an elliptic curve and a base point `G` on the curve. 
-- Each party generates a private secret key: Alice generates `a`, and Bob generates `b`. -- They compute public values: Alice calculates the point `A = aG`, and Bob calculates the point `B = bG`. Both `A` and `B` are sent over the public channel. -- The shared secret key is calculated using public values: Alice computes `s = aB`, and Bob computes `s = bA`. These calculations result in the same point `s`, which can be used as the shared key for symmetric encryption. - -## Public-Key Infrastructure and Key Exchange - -In practice, secure key exchange often involves the use of public-key infrastructure (PKI). A PKI system consists of a hierarchy of trusted authorities, known as Certificate Authorities (CAs), which issue and verify digital certificates. Certificates are used to authenticate public keys and their ownership, helping mitigate man-in-the-middle attacks. - -During key exchange, parties exchange certificates to verify each other's public keys. This process is often followed by a secure key exchange protocol like DH or ECDH to establish a shared secret key for symmetric encryption. - -In conclusion, key exchange protocols play a crucial role in ensuring secure communication. Understanding the fundamentals of key exchange and its various mechanisms can greatly help in achieving robust cybersecurity. +- [@article@Key Exchange](https://nordvpn.com/cybersecurity/glossary/key-exchange/?srsltid=AfmBOoocoykou-7M3OHUQq7APIsGDVjOR8P6wIcIvNA2fgOt1620RZwG) +- [@video@Secret Key Exchange](https://www.youtube.com/watch?v=NmM9HA2MQGI) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/kill-chain@7Bmp4x6gbvWMuVDdGRUGj.md b/src/data/roadmaps/cyber-security/content/kill-chain@7Bmp4x6gbvWMuVDdGRUGj.md index e69de29bb..ff03af00a 100644 --- a/src/data/roadmaps/cyber-security/content/kill-chain@7Bmp4x6gbvWMuVDdGRUGj.md +++ b/src/data/roadmaps/cyber-security/content/kill-chain@7Bmp4x6gbvWMuVDdGRUGj.md 
@@ -0,0 +1,18 @@ +# Cyber Kill Chain + +The **Cyber Kill Chain** is a model that was developed by Lockheed Martin, a major aerospace, military support, and security company, to understand and prevent cyber intrusions in various networks and systems. It serves as a framework for breaking down the stages of a cyber attack, making it easier for security professionals to identify, mitigate, and prevent threats. + +The concept is based on a military model, where the term "kill chain" represents a series of steps needed to successfully target and engage an adversary. In the context of cybersecurity, the model breaks down the stages of a cyber attack into seven distinct phases: + +- **Reconnaissance**: This initial phase involves gathering intelligence on the target, which may include researching public databases, performing network scans, or social engineering techniques. +- **Weaponization**: In this stage, the attacker creates a weapon – such as a malware, virus, or exploit – and packages it with a delivery mechanism that can infiltrate the target's system. +- **Delivery**: The attacker selects and deploys the delivery method to transmit the weapon to the target. Common methods include email attachments, malicious URLs, or infected software updates. +- **Exploitation**: This is the phase where the weapon is activated, taking advantage of vulnerabilities in the target's systems or applications to execute the attacker's code. +- **Installation**: Once the exploit is successful, the attacker installs the malware on the victim's system, setting the stage for further attacks or data exfiltration. +- **Command and Control (C2)**: The attacker establishes a communication channel with the infected system, allowing them to remotely control the malware and conduct further actions. +- **Actions on Objectives**: In this final phase, the attacker achieves their goal, which may involve stealing sensitive data, compromising systems, or disrupting services. 
+ +Learn more from the following resources: + +- [@official@Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html) +- [@video@Learn the Cyber Kill Chain](https://www.youtube.com/watch?v=oCUrkc_0tmw) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/known-vs-unknown@HPlPGKs7NLqmBidHJkOZg.md b/src/data/roadmaps/cyber-security/content/known-vs-unknown@HPlPGKs7NLqmBidHJkOZg.md index 92b6e73d4..1462d9630 100644 --- a/src/data/roadmaps/cyber-security/content/known-vs-unknown@HPlPGKs7NLqmBidHJkOZg.md +++ b/src/data/roadmaps/cyber-security/content/known-vs-unknown@HPlPGKs7NLqmBidHJkOZg.md 
@@ -1,26 +1,12 @@ # Known vs Unknown -In the realm of cyber security, threats can be classified as known or unknown based on their familiarity and the level of awareness about them. Understanding the difference between these two types of threats is essential for effectively implementing security measures and mitigating potential risks. +"known" and "unknown" refer to the classification of threats based on the visibility and familiarity of the attack or vulnerability. -## Known Threats +- **Known Threats** are those that have been previously identified and documented, such as malware signatures, vulnerabilities, or attack patterns. Security solutions like antivirus software and intrusion detection systems typically rely on databases of known threats to recognize and block them. These threats are easier to defend against because security teams have the tools and knowledge to detect and mitigate them. -Known threats are those that have been identified, studied, and documented by the security community. They are the types of threats that security vendors have had the opportunity to analyze and develop protective measures against. These threats include: +- **Unknown Threats**, on the other hand, refer to new, emerging, or sophisticated threats that have not been previously encountered or documented. These can include zero-day vulnerabilities, which are software flaws not yet known to the vendor or the public, or advanced malware designed to evade traditional defenses. Unknown threats require more advanced detection techniques, such as behavioral analysis, machine learning, or heuristic-based detection, to identify anomalies and suspicious activities that don't match known patterns. -- Malware: Such as viruses, worms, and Trojans that have known signatures and behavior patterns. -- Phishing: Social engineering attacks using deceptive emails, texts, or websites to trick users into providing sensitive information or downloading harmful files. 
-- Exploits: Taking advantage of known vulnerabilities in software and hardware. -- Common Attack Patterns: Recognizable attack techniques, such as SQL injection, that have well-documented solutions and mitigation strategies. +Learn more from the following resources: -To defend against known threats, organizations should keep their security software, operating systems, and applications up-to-date. Regularly patching vulnerabilities, training employees to recognize phishing scams, and following best practices for secure configurations can help protect against these known risks. - -## Unknown Threats - -Unknown threats are those that have not yet been identified or documented by the security community. They represent a greater challenge to organizations due to their unpredictable nature and the lack of available defense mechanisms. Examples of unknown threats include: - -- Zero-Day Vulnerabilities: Security flaws that are unknown to the software or hardware vendor and for which security patches do not yet exist. -- Advanced Persistent Threats (APTs): Highly skilled, persistent adversaries that operate stealthily, often using custom-developed tools, to compromise a target's network over an extended period. -- Novel Malware Types: New or significantly altered forms of malware that do not have known signatures, making them difficult to detect with traditional security tools. - -Defending against unknown threats requires a proactive approach. Incorporating threat intelligence, network monitoring, and behavior-based anomaly detection can help organizations identify potential threats before they cause damage. Additionally, following the principle of least privilege, segmenting networks, and maintaining strong data encryption can reduce the impact of unknown threats when they are discovered. - -In conclusion, understanding the difference between known and unknown threats is crucial for implementing effective cyber security measures. 
By staying informed about the latest threats and investing in the right security tools and practices to tackle both known and unknown risks, organizations can better protect their networks, systems, and data from cyber attacks. +- [@video@Detecting known threats](https://www.youtube.com/watch?v=hOaHDVMQ9_s) +- [@video@How to deal with unknown threats](https://www.youtube.com/watch?v=CH4tX_MVLh0) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/ldaps@z_fDvTgKw51Uepo6eMQd9.md b/src/data/roadmaps/cyber-security/content/ldaps@z_fDvTgKw51Uepo6eMQd9.md index e69de29bb..3a5c1797c 100644 --- a/src/data/roadmaps/cyber-security/content/ldaps@z_fDvTgKw51Uepo6eMQd9.md +++ b/src/data/roadmaps/cyber-security/content/ldaps@z_fDvTgKw51Uepo6eMQd9.md 
@@ -0,0 +1,12 @@ +# Lightweight Directory Access Protocol Secure (LDAPS) + +LDAPS (Lightweight Directory Access Protocol Secure) is a secure version of the Lightweight Directory Access Protocol (LDAP), which is used to access and manage directory services over a network. LDAP is commonly employed for user authentication, authorization, and management in environments like Active Directory, where it helps manage access to resources such as applications and systems. + +LDAPS adds security by encrypting LDAP traffic using SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols, protecting sensitive information like usernames, passwords, and directory data from being intercepted or tampered with during transmission. This encryption ensures data confidentiality and integrity, making LDAPS a preferred choice for organizations that require secure directory communication. + +By using LDAPS, organizations can maintain the benefits of LDAP while ensuring that sensitive directory operations are protected from potential eavesdropping or man-in-the-middle attacks on the network. + +Learn more from the following resources: + +- [@video@LDAP vs LDAPS - Whats the difference?](https://www.youtube.com/watch?v=J2qtayKzMmA) +- [@article@How to enable LDAPS](https://www.dell.com/support/kbdoc/en-uk/000212661/how-to-enable-secure-lightweight-directory-access-protocol-ldaps-on-an-active-directory-domain-controller) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/legal@C5bCIdPi0gGkY_r4qqoXZ.md b/src/data/roadmaps/cyber-security/content/legal@C5bCIdPi0gGkY_r4qqoXZ.md index e69de29bb..bcbfe0edb 100644 --- a/src/data/roadmaps/cyber-security/content/legal@C5bCIdPi0gGkY_r4qqoXZ.md +++ b/src/data/roadmaps/cyber-security/content/legal@C5bCIdPi0gGkY_r4qqoXZ.md 
@@ -0,0 +1,8 @@ +# Legal + +A legal department within an organization is responsible for handling all legal matters that affect the business, ensuring compliance with laws and regulations, and providing advice on various legal issues. Its primary functions include managing contracts, intellectual property, employment law, and regulatory compliance, as well as addressing disputes, litigation, and risk management. The legal department also plays a crucial role in corporate governance, ensuring that the company operates within the boundaries of the law while minimizing legal risks. In some cases, they work with external legal counsel for specialized legal matters, such as mergers and acquisitions or complex litigation. + +Learn more from the following resources: + +- [@article@Key functions of a legal team](https://uk.practicallaw.thomsonreuters.com/w-009-3932?transitionType=Default&contextData=(sc.Default)&firstPage=true) +- [@article@The Legal Team’s Responsibility in Corporate Cybersecurity](https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/expert-insight-the-legal-teams-responsibility-in-corporate-cybersecurity/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/linux@4frVcjYI1VlVU9hQgpwcT.md b/src/data/roadmaps/cyber-security/content/linux@4frVcjYI1VlVU9hQgpwcT.md index c52fd5644..af2d484e5 100644 --- a/src/data/roadmaps/cyber-security/content/linux@4frVcjYI1VlVU9hQgpwcT.md +++ b/src/data/roadmaps/cyber-security/content/linux@4frVcjYI1VlVU9hQgpwcT.md 
@@ -32,8 +32,9 @@ While Linux is inherently secure, there are best practices to enhance your syste By understanding Linux's features and best practices, you can leverage its powerful capabilities and robust security features to enhance your computing environment's performance and safety. -Recommended resources include: +Learn more from the following resources: +- [@roadmap@Linux Roadmap](https://roadmap.sh/linux) - [@article@Learn Linux](https://linuxjourney.com/) - [@video@Linux in 100 Seconds](https://www.youtube.com/watch?v=rrB13utjYV4) - [@video@Introduction to Linux](https://youtu.be/sWbUDq4S6Y8) diff --git a/src/data/roadmaps/cyber-security/content/management@s9tHpzYRj2HCImwQhnjFM.md b/src/data/roadmaps/cyber-security/content/management@s9tHpzYRj2HCImwQhnjFM.md index e69de29bb..0e672fbab 100644 --- a/src/data/roadmaps/cyber-security/content/management@s9tHpzYRj2HCImwQhnjFM.md +++ b/src/data/roadmaps/cyber-security/content/management@s9tHpzYRj2HCImwQhnjFM.md 
@@ -0,0 +1,8 @@ +# Management + +The Management Department in a company is responsible for overseeing the organization's overall operations, strategy, and performance. It typically consists of senior executives and managers who make critical decisions, set goals, and provide leadership across various functional areas. This department focuses on planning, organizing, directing, and controlling resources to achieve organizational objectives. Key responsibilities include developing business strategies, managing budgets, overseeing human resources, ensuring regulatory compliance, and driving organizational growth. The Management Department also plays a crucial role in fostering company culture, facilitating communication between different departments, and adapting the organization to changing market conditions and internal needs. + +Learn more from the following resources: + +- [@article@Who Holds the Ultimate Responsibility for Cyber Security?](https://resolutionit.com/news/who-holds-the-ultimate-responsibility-for-cyber-security/) +- [@article@Cybersecurity – a responsibility of top management](https://www.valmet.com/insights/articles/experts-voice/cybersecurity--a-responsibility-of-top-management/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/memory-leak@nOND14t7ISgSH3zNpV3F8.md b/src/data/roadmaps/cyber-security/content/memory-leak@nOND14t7ISgSH3zNpV3F8.md index b111c9924..d019f1781 100644 --- a/src/data/roadmaps/cyber-security/content/memory-leak@nOND14t7ISgSH3zNpV3F8.md +++ b/src/data/roadmaps/cyber-security/content/memory-leak@nOND14t7ISgSH3zNpV3F8.md 
@@ -1,3 +1,6 @@ -# Memory Leak - -A Memory Leak occurs when a computer program consumes memory but fails to release it back to the operating system after it is no longer needed. Over time, this can lead to reduced system performance, increased memory usage, and, in severe cases, the program or system may crash due to the exhaustion of available memory. +# Memory Leak + +A Memory Leak occurs when a computer program consumes memory but fails to release it back to the operating system after it is no longer needed. Over time, this can lead to reduced system performance, increased memory usage, and, in severe cases, the program or system may crash due to the exhaustion of available memory. + +- [@article@What are memory leaks?](https://learn.snyk.io/lesson/memory-leaks/) +- [@video@What are memory leaks?](https://www.youtube.com/watch?v=00Kdpgl6fsY) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/mesh@PYeF15e7iVB9seFrrO7W6.md b/src/data/roadmaps/cyber-security/content/mesh@PYeF15e7iVB9seFrrO7W6.md index cd106ae54..a2b53fb78 100644 --- a/src/data/roadmaps/cyber-security/content/mesh@PYeF15e7iVB9seFrrO7W6.md +++ b/src/data/roadmaps/cyber-security/content/mesh@PYeF15e7iVB9seFrrO7W6.md 
@@ -1,19 +1,8 @@ # Mesh -Mesh topology is a network configuration that involves direct connections between each node or device within the network. In other words, each node is connected to every other node in the network, resulting in a highly interconnected structure. This topology is commonly used in wireless communication systems, where devices communicate with one another directly without the need for a centralized hub or switch. +Mesh topology is a network architecture where devices or nodes are interconnected with multiple direct, point-to-point links to every other node in the network. This structure allows data to travel from source to destination through multiple paths, enhancing reliability and fault tolerance. In a full mesh topology, every node is connected to every other node, while in a partial mesh, only some nodes have multiple connections. Mesh networks are highly resilient to failures, as traffic can be rerouted if a link goes down. They're commonly used in wireless networks, IoT applications, and critical infrastructure where redundancy and self-healing capabilities are crucial. However, mesh topologies can be complex and expensive to implement, especially in large networks due to the high number of connections required. -## Advantages of Mesh Topology +Learn more from the following resources: -- **Increased reliability**: Mesh topology is highly reliable, as the failure of one node or connection does not affect the performance of the entire network. If a connection fails, data can still travel through alternative routes within the network, ensuring uninterrupted communication. -- **Fault tolerance**: Mesh networks have a high level of fault tolerance, as they can easily recover from hardware failures or network errors. This is especially useful for critical systems that require high availability and resilience. 
-- **Scalability**: Mesh networks are highly scalable, as there are no limitations on the number of devices that can be added to the network. This is particularly useful for large organizations or rapidly changing environments that require the ability to easily grow and adapt. -- **Improved data transmission**: The direct connections between nodes in a mesh network provide multiple pathways for data transmission, resulting in faster, more efficient communication with fewer bottlenecks or congestion points. - -## Disadvantages of Mesh Topology - -- **Complexity**: Mesh topology can be quite complex, particularly as the number of devices increases. This can lead to challenges in configuring, managing, and troubleshooting the network. -- **High costs**: Implementing a mesh topology can be expensive due to the large number of connections and high-quality hardware required to maintain a reliable, efficient network. -- **Increased latency**: As data travels through multiple nodes before reaching its destination, this can sometimes result in increased latency compared to other network topologies. -- **Power consumption**: Wireless mesh networks, in particular, can consume more power than other topologies due to the need for each node to maintain multiple connections, potentially reducing the battery life of devices. - -In summary, mesh topology offers a robust, fault-tolerant, and scalable network configuration ideal for systems that demand high reliability and flexible growth. However, its complexity, costs, and potential latency and power consumption issues need to be carefully considered when deciding whether it is the most suitable network topology for a specific scenario. +- [@article@What is mesh topology?](https://www.lenovo.com/gb/en/glossary/mesh-topology) +- [@article@Mesh topology explained](https://www.computerhope.com/jargon/m/mesh.htm) 
diff --git a/src/data/roadmaps/cyber-security/content/mitm@ODlVT6MhV-RVUbRMG0mHi.md b/src/data/roadmaps/cyber-security/content/mitm@ODlVT6MhV-RVUbRMG0mHi.md index e69de29bb..20dbc302f 100644 --- a/src/data/roadmaps/cyber-security/content/mitm@ODlVT6MhV-RVUbRMG0mHi.md +++ b/src/data/roadmaps/cyber-security/content/mitm@ODlVT6MhV-RVUbRMG0mHi.md @@ -0,0 +1,7 @@ +# Man-in-the-middle attack + +A Man-in-the-Middle (MITM) attack occurs when a malicious actor intercepts communication between two parties, such as a user and a website, without their knowledge. The attacker can eavesdrop, alter, or inject false information into the communication, often to steal sensitive data like login credentials or manipulate transactions. MITM attacks are commonly executed through compromised Wi-Fi networks or by exploiting security vulnerabilities in protocols. + +Visit the following resources to learn more: + +- [@article@Wikipedia - Man-in-the-middle attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/parrotos@zR6djXnfTSFVEfvJonQjf.md b/src/data/roadmaps/cyber-security/content/parrotos@zR6djXnfTSFVEfvJonQjf.md index e69de29bb..4dec48822 100644 --- a/src/data/roadmaps/cyber-security/content/parrotos@zR6djXnfTSFVEfvJonQjf.md +++ b/src/data/roadmaps/cyber-security/content/parrotos@zR6djXnfTSFVEfvJonQjf.md @@ -0,0 +1,7 @@ +# ParrotOS + +ParrotOS is a Debian-based Linux distribution designed for security, privacy, and development. It includes a comprehensive suite of tools for penetration testing, digital forensics, and vulnerability assessment, making it popular among cybersecurity professionals and ethical hackers. ParrotOS also features privacy-focused applications and settings, and it provides an environment for developers and privacy-conscious users to work securely. + +Visit the following resources to learn more: + +- [@official@ParrotOS](https://parrotsec.org/) \ No newline at end of file 
diff --git a/src/data/roadmaps/cyber-security/content/sandboxing@SLKwuLHHpC7D1FqrpPRAe.md b/src/data/roadmaps/cyber-security/content/sandboxing@SLKwuLHHpC7D1FqrpPRAe.md index e69de29bb..aabc29b61 100644 --- a/src/data/roadmaps/cyber-security/content/sandboxing@SLKwuLHHpC7D1FqrpPRAe.md +++ b/src/data/roadmaps/cyber-security/content/sandboxing@SLKwuLHHpC7D1FqrpPRAe.md @@ -0,0 +1,7 @@ +# Sandboxing + +Sandboxing is a security technique where a program or code is isolated in a controlled environment, or "sandbox," to prevent it from affecting other parts of the system. This isolation allows suspicious or untrusted code, such as software, scripts, or files, to be executed and analyzed safely without risking harm to the host system. Sandboxing is commonly used to detect malware or test potentially harmful applications in cybersecurity. + +Visit the following resources to learn more: + +- [@article@What is Sandboxing?](https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-sandboxing/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/spoofing@LteSouUtAj3JWWOzcjQPl.md b/src/data/roadmaps/cyber-security/content/spoofing@LteSouUtAj3JWWOzcjQPl.md index e69de29bb..09a93ec90 100644 --- a/src/data/roadmaps/cyber-security/content/spoofing@LteSouUtAj3JWWOzcjQPl.md +++ b/src/data/roadmaps/cyber-security/content/spoofing@LteSouUtAj3JWWOzcjQPl.md 
@@ -0,0 +1,7 @@ +# Spoofing + +Spoofing is a form of deception where someone or something pretends to be another person, device, or entity to mislead or gain an advantage. In technology and cybersecurity, it often involves falsifying information like an IP address, email, or website to trick a user or system into believing it’s interacting with a legitimate source. Spoofing can be used to steal sensitive data, gain unauthorized access, or disrupt communication. + +Visit the following resources to learn more: + +- [@article@Definition and Explanation of Spoofing](https://www.kaspersky.com/resource-center/definitions/spoofing) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/urlvoid@lFt1k1Q-NlWWqyDA3gWD1.md b/src/data/roadmaps/cyber-security/content/urlvoid@lFt1k1Q-NlWWqyDA3gWD1.md index e69de29bb..c61f5c340 100644 --- a/src/data/roadmaps/cyber-security/content/urlvoid@lFt1k1Q-NlWWqyDA3gWD1.md +++ b/src/data/roadmaps/cyber-security/content/urlvoid@lFt1k1Q-NlWWqyDA3gWD1.md @@ -0,0 +1,7 @@ +# UrlVoid + +UrlVoid is an online service that evaluates and analyzes websites to assess their safety and reputation. By checking a URL against various security databases and services, UrlVoid provides a summary of potential risks, such as malware, phishing, or blacklisting. This helps users identify and avoid potentially harmful or malicious websites. + +Visit the following resources to learn more: + +- [@official@UrlVoid](https://www.urlvoid.com/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/vlan-hopping@u4hySof6if5hiONSaW-Uf.md b/src/data/roadmaps/cyber-security/content/vlan-hopping@u4hySof6if5hiONSaW-Uf.md index e69de29bb..962dc5fa0 100644 --- a/src/data/roadmaps/cyber-security/content/vlan-hopping@u4hySof6if5hiONSaW-Uf.md +++ b/src/data/roadmaps/cyber-security/content/vlan-hopping@u4hySof6if5hiONSaW-Uf.md 
@@ -0,0 +1,7 @@ +# VLAN Hopping + +VLAN hopping is a network attack where an attacker exploits vulnerabilities in the VLAN (Virtual Local Area Network) configuration to gain unauthorized access to traffic on different VLANs. By manipulating VLAN tagging, the attacker can "hop" from one VLAN to another, bypassing network segmentation. This can be achieved using methods like switch spoofing or double tagging, allowing the attacker to intercept, alter, or reroute traffic within a network that was supposed to be isolated. + +Visit the following resources to learn more: + +- [@article@What is VLAN Hopping?](https://www.packetlabs.net/posts/what-is-vlan-hopping/) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/wpa-vs-wpa2-vs-wpa3-vs-wep@MBnDE0VyVh2u2p-r90jVk.md b/src/data/roadmaps/cyber-security/content/wpa-vs-wpa2-vs-wpa3-vs-wep@MBnDE0VyVh2u2p-r90jVk.md index 071b81b41..221853887 100644 --- a/src/data/roadmaps/cyber-security/content/wpa-vs-wpa2-vs-wpa3-vs-wep@MBnDE0VyVh2u2p-r90jVk.md +++ b/src/data/roadmaps/cyber-security/content/wpa-vs-wpa2-vs-wpa3-vs-wep@MBnDE0VyVh2u2p-r90jVk.md 
@@ -1,14 +1,7 @@ -# WPA vs WPA2 vs WPA3 vs WEP - -WEP (Wired Equivalent Privacy): WEP is the oldest and least secure of the protocols listed. It uses a static 64-bit or 128-bit key for encryption, which is vulnerable to various attacks due to weak encryption and poor key management. It's considered obsolete and should not be used. - -WPA (Wi-Fi Protected Access): WPA improved upon WEP by introducing TKIP (Temporal Key Integrity Protocol), which dynamically changes encryption keys and provides better security. However, it still has vulnerabilities and is considered less secure compared to WPA2 and WPA3. - -WPA2 (Wi-Fi Protected Access 2): WPA2 introduced AES (Advanced Encryption Standard) for stronger encryption, replacing TKIP. It provides improved security compared to WPA by using more robust encryption and authentication methods. It is generally considered secure but has some known vulnerabilities, especially in implementation. - -WPA3 (Wi-Fi Protected Access 3): WPA3 is the most current standard and offers enhanced security features. It uses SAE (Simultaneous Authentication of Equals) for more secure password-based authentication and improved encryption. WPA3 provides stronger protection against brute-force attacks and ensures better security for both personal and enterprise networks. It also includes forward secrecy, which helps protect past communications from future compromises. - -Visit the following resources to learn more: - -- [@article@wep-vs-wpa-vs-wpa2-vs-wpa3]https://community.fs.com/article/wep-vs-wpa-vs-wpa2-vs-wpa3.html -- [@article@Wifi Protected Access (WPA)]https://www.geeksforgeeks.org/wifi-protected-access-wpa/ +# WPA vs WPA2 vs WPA3 vs WEP + +WEP (Wired Equivalent Privacy) is an outdated and insecure wireless encryption standard that was the first to secure Wi-Fi networks but is now considered highly vulnerable to attacks. 
WPA (Wi-Fi Protected Access) improved upon WEP with stronger encryption and authentication methods, but it still had some security weaknesses. WPA2, the successor to WPA, introduced more robust encryption with the Advanced Encryption Standard (AES) and improved security overall. WPA3, the latest standard, offers enhanced security features such as stronger encryption, improved protection against brute-force attacks, and better security for public networks. Each successive standard provides increased security and protection for wireless networks. + +Visit the following resources to learn more: + +- [@article@What Is Wi-Fi Security? WEP, WPA, WPA2 & WPA3 Differences](https://nilesecure.com/network-security/what-is-wi-fi-security-wep-wpa-wpa2-wpa3-differences) \ No newline at end of file diff --git a/src/data/roadmaps/cyber-security/content/wps@HSCGbM2-aTnJWUX6jGaDP.md b/src/data/roadmaps/cyber-security/content/wps@HSCGbM2-aTnJWUX6jGaDP.md index e69de29bb..962052e0f 100644 --- a/src/data/roadmaps/cyber-security/content/wps@HSCGbM2-aTnJWUX6jGaDP.md +++ b/src/data/roadmaps/cyber-security/content/wps@HSCGbM2-aTnJWUX6jGaDP.md @@ -0,0 +1,7 @@ +# WPS + +Wi-Fi Protected Setup (WPS) is a network security standard designed to make it easier to connect devices to a secure wireless network. It allows users to add devices to a Wi-Fi network using a simple setup process, typically involving pressing a WPS button on the router and the device or entering a PIN. While WPS simplifies the connection process, it has known security vulnerabilities, which can potentially be exploited to gain unauthorized access to the network. + +Visit the following resources to learn more: + +- [@article@What Is WPS and Why Is It Dangerous?](https://blog.pulsarsecurity.com/what-is-wps-why-is-it-dangerous) \ No newline at end of file
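Review bot: the first hunk in this section (the key-exchange file, ending at the nordvpn and YouTube links) deletes the whole Diffie-Hellman and ECDH walkthrough, the statement that DH security rests on the discrete logarithm problem, the man-in-the-middle caveat, and the PKI paragraph explaining that certificates mitigate MITM, and replaces all of it with two external links; that is a net loss of correct, substantive content for the roadmap node. Suggest keeping at least the four-step DH outline (`A = g^a mod p`, `B = g^b mod p`, `s = B^a mod p = A^b mod p`) and the one-sentence MITM/PKI caveat above the link list. Also strip the `?srsltid=AfmBOo...` search-result tracking parameter from the nordvpn URL; it is not part of the canonical address.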
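Review bot: in the new `kill-chain@7Bmp4x6gbvWMuVDdGRUGj.md` file the Weaponization bullet reads `such as a malware, virus, or exploit`; `malware` is a mass noun, so it should be `such as malware, a virus, or an exploit`. The intro says the model helps `identify, mitigate, and prevent threats` but never states the defensive payoff that motivates it: because the phases are sequential, breaking the chain at any one phase (for example blocking Delivery or C2) stops the intrusion. One sentence after the list would make that explicit.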
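Review bot: the new opening line of `known-vs-unknown@HPlPGKs7NLqmBidHJkOZg.md` starts with a lowercase quoted word and has no subject (`"known" and "unknown" refer to the classification of threats ...`); restore a lead-in such as the deleted `In the realm of cyber security, threats can be classified as known or unknown ...` so the sentence is complete. The rewrite also drops all of the defensive guidance from the old text (patching, phishing training, least privilege, network segmentation, behaviour-based anomaly detection) and the APT example; the Unknown Threats bullet keeps the detection techniques but says nothing about limiting impact, so consider carrying over the least-privilege and segmentation sentence.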
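Review bot: `ldaps@z_fDvTgKw51Uepo6eMQd9.md` says LDAPS protects against man-in-the-middle attacks but does not say that this holds only when the client validates the server certificate against a trusted CA; a client that accepts any certificate still gets confidentiality against a passive eavesdropper but no MITM protection, so add that caveat in the sentence that mentions MITM. Minor: write `TLS` rather than `SSL/TLS (Secure Sockets Layer/Transport Layer Security)`, since the SSL protocol versions are deprecated and the expansion adds nothing the reader needs.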
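Review bot: the body of `legal@C5bCIdPi0gGkY_r4qqoXZ.md` describes a generic corporate legal department and never mentions what makes it relevant to this roadmap (breach-notification obligations, regulatory reporting after an incident, involvement in incident response), even though the second linked article is specifically about the legal team's responsibility in corporate cybersecurity. Add one sentence tying the department to those duties so the node is not purely off-topic.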
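Review bot: `management@s9tHpzYRj2HCImwQhnjFM.md` has the same gap as the legal node: the paragraph is a generic description of a management department with no cybersecurity content, while both linked articles are about management's accountability for security. A sentence on management's role (setting risk appetite, funding controls, owning accountability for security outcomes) would connect the body to the links it cites.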
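Review bot: in `memory-leak@nOND14t7ISgSH3zNpV3F8.md` the three original lines are deleted and re-added with text that appears identical, which means the hunk is a line-ending or trailing-whitespace change rather than a content change; confirm that is intended (and matches the repository's line-ending convention) rather than an accidental CRLF/LF flip from the editor. The added links also lack the `Learn more from the following resources:` lead-in used by the other files in this patch, and the file now ends without a trailing newline.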
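Review bot: the new first sentence of `mesh@PYeF15e7iVB9seFrrO7W6.md` defines mesh topology as nodes having links `to every other node in the network`, which contradicts the third sentence that distinguishes full mesh (every node to every other) from partial mesh (only some nodes have multiple connections). Reword the opening to `to multiple other nodes` so the general definition covers both variants.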
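Review bot: `mitm@ODlVT6MhV-RVUbRMG0mHi.md` explains what a MITM attacker can do and where attacks are launched from but says nothing about how the attack is defeated, although the text deleted from the key-exchange file in this same patch stated it (certificates issued through a PKI authenticate public keys and mitigate MITM). One sentence on authenticated key exchange and certificate validation would close that gap. Style: this file and the ones added after it use `Visit the following resources to learn more:` while the earlier files in the patch use `Learn more from the following resources:`; pick one lead-in for the whole patch.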
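Review bot: `sandboxing@SLKwuLHHpC7D1FqrpPRAe.md` states that the sandbox lets untrusted code run `safely without risking harm to the host system`, which overstates the guarantee: a sandbox reduces the blast radius, but sandbox escapes exist, and malware commonly checks for sandbox artefacts and stays dormant when it detects them, so an analysis sandbox can also miss behaviour. Soften to `with reduced risk` and add a short caveat on evasion so readers do not treat a sandbox verdict as conclusive.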
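Review bot: `vlan-hopping@u4hySof6if5hiONSaW-Uf.md` names the two techniques (switch spoofing and double tagging) but gives no mitigation, which is the part a reader of a security roadmap will act on. Add a sentence that switch spoofing is prevented by disabling automatic trunk negotiation (DTP) and hard-setting user-facing ports as access ports, and double tagging by keeping user access ports off the native VLAN of the trunks (and tagging the native VLAN on trunk links).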
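Review bot: the old links in `wpa-vs-wpa2-vs-wpa3-vs-wep@MBnDE0VyVh2u2p-r90jVk.md` were malformed (`[@article@...]https://...` with no parentheses around the URL), so replacing them is right, but the rewrite also throws away the concrete facts that made the comparison useful: WEP's static 64/128-bit keys, WPA's TKIP, WPA2's AES, WPA3's SAE and forward secrecy, and the note that WPA2 still has implementation vulnerabilities. The new paragraph only says each standard is stronger than the last and offers `better security for public networks`, which is vague. Suggest keeping one clause per protocol naming its cipher or handshake. The file also loses its trailing newline.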
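Review bot: `wps@HSCGbM2-aTnJWUX6jGaDP.md` says WPS `has known security vulnerabilities` without saying what they are, even though the text already mentions the PIN method; the weakness that matters in practice is that the eight-digit PIN is validated in two halves, so it can be brute-forced online in a small number of attempts, and the usual guidance is to disable WPS (or at least the PIN method). State that in the paragraph so the `Why Is It Dangerous` link is not the only place the reader learns it.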